Threat Encyclopedia

Home > Threat Center > Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Short description

The trojan tries to download several files from the Internet. The files are then executed.

Installation

When executed, the trojan copies itself into the following location:

%userprofile%\%username%.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Run]
"%username%" = "%userprofile%\%username%.exe"

Other information

The trojan creates and runs a new thread with its own program code within one of the running processes.

The trojan contains a list of (9) URLs. It tries to download several files from the addresses.

These are stored in the following locations:

%temp%\BN%variable%.tmp

A string with variable content is used instead of %variable% .

The downloaded files contain encrypted executables. After decryption, the trojan runs these files.

The trojan launches the following processes:

netsh.exe firewall set allowedprogram %filepath% ENABLE

The performed command creates an exception in the Windows Firewall.

All Products:

Cart About ESET Partners United States and Canada

© 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies.