
Trojan.Win32.Obfuscated.en

Detected Jan 20 2010 12:02 GMT
Released Jan 20 2010 17:07 GMT

This is a description which has been automatically generated following analysis of this program on a test machine. This description may contain incomplete or inaccurate information.

Summary


Technical details

File size of 590848 bytes.


Installation

Creates the following files on an infected computer:

  • %Documents and Settings%\All Users\Application Data\BIN ANTE DELETE USER\Road soft up (%Documents and Settings% is the directory of users' settings)


Malicious activity

Injects its code into the following processes:

  • IEXPLORE.EXE
  • explorer.exe

Searches for message windows in order to bypass monitoring and debugging:
Class:Progman
Title:Program Manager

Creates unique identifiers to flag its presence in the system:

  • Local\0F6DB69F
  • Local\035F4C63
  • Local\C31609D2


Other activities

Runs the following files (commands):

  • %Program Files%\Internet Explorer\iexplore.exe (%Program Files% is the standard directory for programs installed on Windows OS, usually C:\Program Files)

Searches for the following windows:
Class:Shell_TrayWnd
Class:SHELLDLL_DefView
Class:SysListView32


Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Aliases

Trojan.Win32.Obfuscated.en (Kaspersky Lab) is also known as:

  • Trojan: Downloader-BCM (McAfee)
  • Mal/Swizzor-B (Sophos)
  • Adware/Lop (Panda)
  • Malicious Packer (Panda)
  • W32/Trojan.AHDT (FPROT)
  • TrojanDownloader:Win32/Swizzor.MB (MS(OneCare))
  • Trojan.Packed.149 (DrWeb)
  • Win32/Obfuscated.A1 trojan (Nod32)
  • Trojan.FatObfus.Gen (BitDef7)
  • Adware.Lop.Gen (VirusBuster)
  • Win32:Obfuscated-EJ [Trj] (AVAST)
  • Trojan.Win32.Obfuscated (Ikarus)
  • Trojan-Downloader.Win32.Swizzor (Ikarus)
  • Downloader.Obfuskated (AVG)
  • Downloader.Lop (NAV)
  • Adware.ADH (NAV)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • Downloader-BCM (NAI)
  • TROJ_DLOADER.KWA (PCCIL)
  • Adware.Lop.Gen (VirusBusterBeta)