W32/Bredolab.A!tr.dldr

Aliases: Backdoor.Win32.Bredolab.ez, W32/Bredolab.D, Trj/Sinowal.WMF
Release Date: Aug 21, 2009

Detection Availability
                 Active Database   Extended Database
  FortiGate      low               high
  FortiClient    -                 -
  FortiMail      N/A               N/A

Current Antivirus Definition Database Version: 11.591
Description

Visible Symptoms

  • The W32/Bredolab.A!tr.dldr file exists in the Startup folder of the current user.
  • Possible firewall alert that an executable is attempting to connect to the internet.

Detailed Analysis

W32/Bredolab.A!tr.dldr downloads and executes other malicious files silently.

Technical Details

  • This sample tries to download other files from the following URL (the host and the identifying query values have been removed):

    • http://[Removed]/def/controller.php?action=bot&entity_list=&uid=&first=1&guid=[Removed]&rnd=[Removed]

  • It copies itself to the Startup folder of the current user so that it is launched at every session startup.
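The download URL above has a recognisable shape even with the host removed: the path ends in /def/controller.php and the query carries action=bot together with uid and guid parameters. The following is an added example, not Fortinet's code, showing how a defender could scan web proxy logs for that check-in pattern. The log format (timestamp, client IP, method, URL, status) and all hostnames (.invalid TLD) are constructed for the example and are not indicators from this entry.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample proxy log lines (not real traffic); hosts use the
# reserved .invalid TLD. Format: "<timestamp> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2009-08-21T10:01:02Z 10.0.0.5 GET http://host-a.invalid/def/controller.php?action=bot&entity_list=&uid=1&first=1&guid=AAAA&rnd=123 200
2009-08-21T10:01:05Z 10.0.0.7 GET http://www.host-b.invalid/index.html 200
2009-08-21T10:02:11Z 10.0.0.5 GET http://host-c.invalid/def/controller.php?action=report&uid=1 200
2009-08-21T10:03:40Z 10.0.0.9 POST http://cdn.host-d.invalid/def/controller.php 404
"""

# One line of the constructed log format: five whitespace-separated fields.
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def is_bredolab_checkin(url):
    """True when the URL matches the check-in pattern from this entry:
    path ends in /def/controller.php and the query has action=bot plus
    uid and guid parameters (values may be empty, as in the sample)."""
    parts = urlsplit(url)
    if not parts.path.endswith("/def/controller.php"):
        return False
    # keep_blank_values keeps keys such as "uid=" that carry no value
    qs = parse_qs(parts.query, keep_blank_values=True)
    if not {"action", "uid", "guid"} <= qs.keys():
        return False
    return qs["action"] == ["bot"]


def scan_proxy_log(text):
    """Return one record per log line whose URL matches the check-in pattern."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        ts, client, method, url, status = m.groups()
        if is_bredolab_checkin(url):
            hits.append({
                "time": ts,
                "client": client,
                "host": urlsplit(url).hostname,
                "url": url,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['time']} client={hit['client']} host={hit['host']} url={hit['url']}")
```

The match is deliberately tied to the whole shape (path, action=bot, and the uid/guid keys) rather than to controller.php alone, which is a common script name; the third and fourth sample lines show requests to the same path that are not flagged.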

Reference: ID - 1001181