SecurityHome.eu Trojan.Downloader.JS.Agent.PB

Home / malware PDF

Trojan.Downloader.JS.Agent.PB

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Trojan.Downloader.JS.Agent.PB is also known as Exploit:Win32/Senglot.J;, Trojan-Downloader:JS/Agent.CQY;, JS/TrojanDownloader.Agent.NDL.
Explanation :
This trojan is written in JavaScript and it exploits a buffer overflow vulnerability of BaoFeng Storm ActiveX Control ( identified with the following CLSID: 6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB). This is done by passing a long argument into rawParse() method of Mps.dll.
If the code stored in a JavaScript unescaped sequence is executed, it will download a malware from the following URL: http://www.[removed]hena.com/test.exe, save it under a.exe ant then execute it. When this description was made, the URL wasn't active.
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Exploit.JS.Agent.F
Trojan-Downloader:HTML/Agent.DY
Trojan.Downloader.JS.Agent.PB
Trojan-Dropper:W32/Agent.CMW
Trojan-Downloader:W32/Agent.TPF
Trojan-Dropper:W32/Agent.DSM
Trojan-Downloader:W32/Agent.BOY
Trojan-Dropper:W32/Agent.PR
Email-Worm:W32/Agent.BC
Trojan.Clicker.Agent.NP