www.center.hu / Archive / Security news / may, 2005 / Win32.Multidropper.Q (Ca.com) 

Win32.Multidropper.Q (Ca.com)

Characteristics

Type: Trojan
Category: Win32
Also known as Generic MultiDropper.f (McAfee), Win32/Multidropper.Q.155136!DLL!

Description

Win32.Multidropper.Q is a trojan that drops a malicious file onto the infected machine. It is a UPX-packed DLL file that is downloaded by a Win32.SillyDL trojan variant.


Method of Infection
When executed, Win32.Multidropper.Q drops the file "shawn.exe" to the %System% folder and executes it. This file is detected as the trojan Win32.SillyDl.GT!dropper. This file then drops and executes the trojans Win32.SillyDl.GT and Win32.Startpage.NJ.

Note: '%System%' is a variable location. The malware determines the location of the current System folder by querying the operating system. The default installation location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95, 98 and ME is C:\Windows\System; and for XP is C:\Windows\System32.

Please refer to the SillyDl and Startpage family descriptions for more information about these trojans.
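
A triage check for the drop described above, as an added example that is not part of the CA description: it scans file and process events for shawn.exe inside the host's System folder, wherever Windows is installed. The event format, host names and timestamps are constructed for illustration.

```python
import csv
import ntpath  # Windows path rules, usable on any analysis host

DROPPED_NAME = "shawn.exe"               # file name from the description above
SYSTEM_SUBDIRS = ("system32", "system")  # default %System% leaf names from the note

def is_system_dir(directory, windir=None):
    """True if directory is a System folder directly under the Windows directory."""
    parent, leaf = ntpath.split(ntpath.normpath(directory).lower())
    if leaf not in SYSTEM_SUBDIRS:
        return False
    if windir:  # the host reported its own Windows directory: compare exactly
        return parent == ntpath.normpath(windir).lower()
    # Otherwise accept any folder one level below a drive root (C:\Winnt, D:\Win98)
    drive, rest = ntpath.splitdrive(parent)
    return bool(drive) and len(rest) > 1 and rest.count("\\") == 1

def find_drops(log_text):
    """Return (host, event, path) for every event touching shawn.exe in %System%."""
    hits = []
    for ts, host, windir, event, path in csv.reader(log_text.strip().splitlines()):
        directory, name = ntpath.split(path)
        if name.lower() == DROPPED_NAME and is_system_dir(directory, windir):
            hits.append((host, event, ntpath.normpath(path)))
    return hits

# Constructed sample events: timestamp,host,windows_dir,event,path
SAMPLE_EVENTS = r"""
2005-05-12T09:14:02,HOST-A,C:\WINNT,FileCreate,C:\WINNT\system32\shawn.exe
2005-05-12T09:14:03,HOST-A,C:\WINNT,ProcessCreate,C:\WINNT\System32\SHAWN.EXE
2005-05-12T09:20:41,HOST-B,C:\WINDOWS,FileCreate,C:\Documents and Settings\u\Desktop\shawn.exe
2005-05-12T09:31:10,HOST-C,D:\WIN98,FileCreate,D:\WIN98\SYSTEM\shawn.exe
2005-05-12T09:40:00,HOST-D,C:\WINDOWS,FileCreate,C:\WINDOWS\system32\notepad.exe
"""

if __name__ == "__main__":
    # A name match is a triage lead only; the page gives no hash to confirm with.
    for host, event, path in find_drops(SAMPLE_EVENTS):
        print(f"{host}: {event} {path}")
```
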

Analysis by Amir Fouda



More information on CA Virus Information Center
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=31792

Computer Associates – the Trusted Source of Security Knowledge







Copyright © CENTER.HU Ltd, 2000-2010. All rights reserved
