Malware and threats description

Computer threads and malicious software description

VB.BKX

2013-02-10

Aliases: Trojan.Win32.VB.bkx

Category: Malware

Parameters: Platform: W32

Short description

Trojan horses are malware which are presented as legal software. They can’t spread by themselves.

Long description

File system changes

Created the following files:

%temp%\win32.exe
%windir%\system32\drivers\etc\hosts

Removes the files:

%cwd%\sample.exe
%windir%\system32\drivers\etc\hosts

Changes the processes

Creates the process:

%programfiles%\Internet Explorer\IEXPLORE.EXE

Uses the following temporary processes:

%localsettings\Temp\win32.exe

Creates the following mutexes:

IEXPLORE.EXE: _SHuassist.mtx
IEXPLORE.EXE: CritOpMutex

Network activity

It tries to download files from:

http://bux.to/[REMOVED].php

Registry changes

It write the following values:

HKCU\Software\Microsoft\Internet Explorer\Main
FullScreen = no

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\\\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count HRZR_PGYFRFFVBA = \x94\x3F\x43\x0E\x28\x00\x00\x00