| Detected | Jun 28 2011 03:55 GMT |
| Released | Jun 28 2011 06:04 GMT |
| Published | Sep 08 2011 13:21 GMT |
A trojan program. It is a Windows application (PE-EXE file), 244927 bytes in size. The malware is packaged with the Nullsoft Scriptable Install System (NSIS), a tool for creating installation packages.
To ensure that it runs automatically each time the system starts, the trojan adds a link to its executable file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "bcm"="<Original Filename>"
The trojan extracts a file from its body and saves it under the following name:
%AppData%\bcm\bcm.exe
This file is 743936 bytes in size and is a client program for bitcoin generation. The trojan launches the created file with certain parameters. The following details are used as the login and password:
Login: firstname.lastname@example.org Password: J3***Q0xa
The attacker therefore uses the infected computer to generate bitcoins for the attacker's own wallet.
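A read-only check for the indicators described above (the `bcm` autorun value, the dropped `%AppData%\bcm\bcm.exe` and a process running from it), given as an added example that is not part of the original description. The function name `Test-BcmIndicators` is hypothetical, and the file check assumes the script runs as the affected user.

```powershell
# Indicators taken from the description above.
$RunSubKey    = 'Software\Microsoft\Windows\CurrentVersion\Run'
$ValueName    = 'bcm'
$RelativePath = 'bcm\bcm.exe'   # relative to %AppData%
$ExpectedSize = 743936          # bytes, size of the dropped client program

function Test-BcmIndicators {   # hypothetical name, not from the original page
    $findings = @()

    # 1. Autorun value "bcm" in every loaded user hive (HKEY_USERS\<SID>).
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$RunSubKey"
        $prop = Get-ItemProperty -Path $keyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($prop) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $keyPath; Detail = $prop.$ValueName }
        }
    }

    # 2. Dropped file under the current user's %AppData%.
    $dropped = Join-Path -Path $env:APPDATA -ChildPath $RelativePath
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $file = Get-Item -LiteralPath $dropped -Force
        if ($file.Length -eq $ExpectedSize) { $note = 'size matches description' }
        else { $note = "size $($file.Length) differs from description" }
        $findings += [pscustomobject]@{
            Type = 'DroppedFile'; Location = $dropped; Detail = $note }
    }

    # 3. Running process whose image path ends in \bcm\bcm.exe.
    #    Path can be empty for other users' processes without elevation.
    Get-Process -Name 'bcm' -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -like "*\$RelativePath" } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Type = 'Process'; Location = $_.Path; Detail = "PID $($_.Id)" }
        }

    return $findings
}

$result = Test-BcmIndicators
if ($result) { $result | Format-Table -AutoSize }
else { Write-Output 'No bcm indicators found for the loaded user hives.' }
```

A `RunValue` hit on its own is not conclusive, since `bcm` is only a value name; the path in the `Detail` column shows which executable the entry launches.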
If your computer has not been protected by antivirus software and has been infected by this malware, you will need to take the following steps to delete this:
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.