W32/Dropper.3AC0!tr

Aliases: Trojan.Win32.Oficla.bk (KAV), W32/Bredolab.2!Generic (F-Prot)
Release Date: Jun 28, 2010
Detection Availability
                 Active Database    Extended Database
  FortiGate      low                high
  FortiClient
  FortiMail      N/A
Current Antivirus Definition Database Version: 12.309
Description

Visible Symptoms


  • The following files exist:

    • %Temp%\[Number].tmp
    • %System%\fjof.sto

  • Possible firewall alert that an executable program is attempting to connect to the Internet.

Detailed Analysis



This trojan drops a DLL file belonging to the Sasfis botnet. A detailed description and analysis of the Sasfis botnet can be viewed at the following URL: Sasfis Detailed Description.


  • It drops the following files:

    • %Temp%\[Number].tmp
    • %System%\fjof.sto

  • It adds the following registry entries:

    • key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    • value: Shell
    • data: Explorer.exe rundll32.exe fjof.sto vffwd
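Added example, not part of the Fortinet entry: a PowerShell check a defender can run on a Windows host to see whether the Winlogon Shell modification and the dropped files listed above are present. The detection logic and the output fields are assumptions of this example; the indicator values are the ones from the entry.

```powershell
# Added example (not from the Fortinet page). Run in an elevated PowerShell.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell

# On a clean system the Shell value is normally just "explorer.exe".
# Anything appended to it (here "rundll32.exe fjof.sto vffwd") is launched
# by Winlogon at every interactive logon, which is how this dropper persists.
if ($shell -and $shell.Trim() -notmatch '^explorer\.exe$') {
    Write-Warning "Winlogon Shell value has been modified: $shell"
    if ($shell -match 'rundll32\.exe\s+fjof\.sto') {
        Write-Warning 'Shell value matches the W32/Dropper.3AC0!tr indicator.'
    }
    # Remediation after the dropped DLL has been removed (left commented out
    # so the script only reports):
    # Set-ItemProperty -Path $winlogon -Name Shell -Value 'explorer.exe'
}

# File indicator: %System% resolves to the System32 directory.
$sysDll = Join-Path $env:SystemRoot 'System32\fjof.sto'
if (Test-Path $sysDll) {
    Write-Warning "Dropped DLL present: $sysDll"
    Get-Item $sysDll | Select-Object FullName, Length, CreationTime, LastWriteTime
    # Hash for correlation with other hosts and for sandbox submission.
    Get-FileHash -Path $sysDll -Algorithm SHA256
}

# File indicator: %Temp%\[Number].tmp. List purely numeric .tmp names for triage;
# a match here alone is weak evidence, so pair it with the registry check above.
Get-ChildItem -Path $env:TEMP -Filter '*.tmp' -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^\d+$' } |
    Select-Object FullName, Length, CreationTime
```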


Description Last Updated Date: Jun 30, 2010
Reference: ID - 1918279