Computer threats and malicious software description
VB.BKX
2013-02-10
Aliases: Trojan.Win32.VB.bkx
Category: Malware
Parameters: Platform: W32
Short description
Trojan horses are malware presented as legitimate software. They can’t spread by themselves.
Long description
File system changes
Creates the following files:
%temp%\win32.exe
%windir%\system32\drivers\etc\hosts
Removes the files:
%cwd%\sample.exe
%windir%\system32\drivers\etc\hosts
Process changes
Creates the process:
%programfiles%\Internet Explorer\IEXPLORE.EXE
Uses the following temporary processes:
%localsettings%\Temp\win32.exe
Creates the following mutexes:
IEXPLORE.EXE: _SHuassist.mtx
IEXPLORE.EXE: CritOpMutex
Network activity
It tries to download files from:
http://bux.to/[REMOVED].php
Registry changes
It writes the following values:
HKCU\Software\Microsoft\Internet Explorer\Main
FullScreen = no
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
HRZR_PGYFRFFVBA = \x94\x3F\x43\x0E\x28\x00\x00\x00