W32/Bombka.D!tr
Analysis
W32/Bombka.D!tr - 06-04-04
General Info:
This threat is a "PE" executable file
Network/Internet:
- It spreads through: mass-emailing
- Other Payloads: Listen on incoming ports
Files:
- Drop files: ".exe" + ".dll"
Installation to System:
- When run, it copies itself to:
It does not copy itself on the system.
- Drops the following files:
It drops the file "game1.exe" in the user's temporary folder (e.g. c:\Documents and Settings\[UserName]\Local Settings\Temp). It also drops the file kaboom.dll in the %SYSTEM% folder.
Spreading in e-mails:
- Emails it generates use the following subjects:
- prendete una pausa...
- un attimo di relax
- Emails it generates use the following attachment names:
- darts-freccette.exe
More Info:
This trojan drops a darts game file in the user's temporary folder and launches it. At the same time, it drops the file kaboom.dll in the %SYSTEM% folder and opens a backdoor. It also adds some registry entries to load the malicious DLL file upon startup.