Trojan-Downloader.Win32.Tibs.aw

tag:Trojan Downloaders

0 0

This Trojan program downloads files via the Internet without the user's knowledge or consent.

The Trojan itself is a Windows PE EXE file approximately 6KB in size, packed using FSG. The unpacked file is approximately 49KB in size.

Once launched the Trojan creates a file named "kernels64.exe" in the Windows system directory:

%System%\kernels64.exe

It then registers this file in the system registry, ensuring that the Trojan will be launched each time Windows is rebooted on the victim machine:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"System" = "%System%\kernels64.exe"

This Trojan will download, install and launch for execution other malicious programs (Pornware) on the victim machine.

previous:Trojan-Downloader.Win32.Swizzor.cc
previous:Trojan-Downloader.Win32.Tibser.c

Virus Source from:

New articles

Trojan.Win32.Oficla.dvThis Trojan downloads files from the Internet and launches them without the user’s knowledge or consent. It is a Windows PE EXE file. It is 35840 byte...Conficker.CIt exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself. It also spreads through shared and removable drives. It reduces ...Downloader.MDW It reduces the security level of the computer: it notifies the attacker that the computer has been compromised and is ready to be used maliciously; it chan...Trojan.Downloader.WMA.Wimad.ZThis is another copy of the Trojan.Downloader.Wimad.A . It behaves in a similar way and even downloads from the same webpage ( hxxp://missing-codecs.net ) which...Trojan.Downloader.WMA.Wimad.SThis is another copy of the Trojan.Downloader.Wimad.A . It behaves in a similar way and even downloads from the same webpage ( www.fastmp3player.com ) which mea...

Hot Articles

Trojan-Downloader.Win32.Tibs.aw

Computer Virus Clounds