Home / malwarePDF  


First posted on 26 April 2020.
Source: Microsoft

Aliases :

TrojanDownloader:Win32/Bofang.B is also known as Trojan.Downloader.JKXJ, Trojan.DownLoad.5767, a variant of Win32/TrojanDownloader.FakeAlert.JI, Trojan.Win32.Small.ycw, Generic Downloader.x.

Explanation :

TrojanDownloader:Win32/Bofang.B is a trojan that downloads malware from a predefined remote Web site.  InstallationWhen run, TrojanDownloader:Win32/Bofang.B copies itself to: %USERPROFILE%Application DataAdobePlayer.exe The registry is modified to run this copy. Adds value: "(default)"With data: "%USERPROFILE%Application DataAdobePlayer.exe"To subkey: HKCUSoftwareMicrosoftWindowsCurrentVersionRun  Payload Downloads MalwareTrojanDownloader:Win32/Bofang.B uses BITS (Background Intelligent Transfer Service) to download additional malware from the IP address  Analysis by Vitaly Zaytsev

Last update 26 April 2020