What is TrustedSource? | Create Account | Login 
Secure Computing Corporation
 
Home  Threats and Trends  Malware Information
TrustedSource™ Query
Enter IP address, CIDR range, domain name or URL:
Search
 

Malware Information

Malware nameTrojan.Agent.247296
TypeTrojan
Affected platformWin32
Media-Typeapplication/executable
MD5 checksumD38815B9E2DF47994DC301AD5EB7E3C2
Static fileyes
Filesize247,296 Bytes
Alias names
(also known as)
Webwasher ProactiveVirus.Win32.FileInfector.gen
McAfeePWS-Banker.dldr
Protection
Webwasher ProactiveDatabase Version: 70
Side effectsRegistry modification
PropagationNo own spreading routine

Description:

Registry

It registers a browser helper object (BHO) by adding the following key:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
• (Default)="LabelCommand module"



The following registry keys are added:

– [HKCR\CLSID\{18CB1A7B-94CD-4582-8022-ADA16851E44B}\InprocServer32]
• "(Default)"="%malware execution directory%\%executed file%"
• "ThreadingModel"="Apartment"

– [HKCR\LabelCommand.LabelCommand\CurVer]
• (Default)="LabelCommand.LabelCommand.1"

File details

Programming language:
 The malware program was written in MS Visual C++.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
• UPX
Secure Computing Corporate Homepage | Contact | Privacy Policy | Disclaimer

Copyright © 2007-2008 Secure Computing Corporation. All Rights Reserved.

THE DATA IS FURNISHED, "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, AND SECURE COMPUTING® HEREBY DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES AS TO NON-INFRINGEMENT, AND IN NO EVENT SHALL SECURE COMPUTING® BE LIABLE FOR COSTS OF PROCURING SUBSTITUTE GOODS. IN NO EVENT WILL SECURE COMPUTING® BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT SECURE COMPUTING® HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.