Content

Generic Dropper.ay!5D73F214

Type
Trojan
SubType
-
Discovery Date
06/01/2008
Length
1121810
Minimum DAT
5307 (05/30/2008)
Updated DAT
5307 (05/30/2008)
Minimum Engine
5.2.00
Description Added
06/01/2008
Description Modified
06/01/2008 8:13 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

File PropertyProperty Value
File Name14f2735d.exe
McAfee DetectionGeneric Dropper.ay
Length1,121,810 bytes
CRC325D73F214
MD5864A16045F346F0517B7023708CBB1E2
SHA19E3A007B02015396AA55ABC34416675A9D8E0687

Other Common Detection Aliases

Company NameDetection Name
Microsoftbackdoor:win32/bifrose
NormanW32/Bifrose.JJD
SophosMal/Behav-081
SymantecBackdoor.Bifrose

Avert® Labs has observed the following system activities:

ActivityRisk Level
Modifies Memory of Other Processes
High
Enumerates open windows
Low
Writes Executable in the Windows Folder
Low
Program often suspends itself
Informational

Other detections that have been observed.

File NameMcAfee Supported
c:\windows\windows\trojaner.exe
Generic Dropper.ay

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files have been added to the system:

  • %WINDIR%\windows
  • %WINDIR%\windows\trojaner.exe
  • %WINDIR%\windows\trojaner.sys

    • The following registry elements have been created:

  • HKEY_LOCAL_MACHINE\software\classes\dllfile\shell\open\command\
    • (default) = rundll32.exe

    • Symptoms

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

    Removal

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants

      N/A

    All Information

    Overview -

    This is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

    Characteristics

    Characteristics -

    File PropertyProperty Value
    File Name14f2735d.exe
    McAfee DetectionGeneric Dropper.ay
    Length1,121,810 bytes
    CRC325D73F214
    MD5864A16045F346F0517B7023708CBB1E2
    SHA19E3A007B02015396AA55ABC34416675A9D8E0687

    Other Common Detection Aliases

    Company NameDetection Name
    Microsoftbackdoor:win32/bifrose
    NormanW32/Bifrose.JJD
    SophosMal/Behav-081
    SymantecBackdoor.Bifrose

    Avert® Labs has observed the following system activities:

    ActivityRisk Level
    Modifies Memory of Other Processes
    		High
    Enumerates open windows
    		Low
    Writes Executable in the Windows Folder
    		Low
    Program often suspends itself
    		Informational

    Other detections that have been observed.

    File NameMcAfee Supported
    c:\windows\windows\trojaner.exe
    		Generic Dropper.ay

    System Changes

    These are general defaults for typical path variables. (Although they may differ, these examples are common.):
    %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
    %SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
    %ProgramFiles% = \Program Files

    The following files have been added to the system:

  • %WINDIR%\windows
  • %WINDIR%\windows\trojaner.exe
  • %WINDIR%\windows\trojaner.sys

    • The following registry elements have been created:

  • HKEY_LOCAL_MACHINE\software\classes\dllfile\shell\open\command\
    • (default) = rundll32.exe

    • Symptoms

    Symptoms -

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Method of Infection -

    Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

    Removal -

    Removal -

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants -

      N/A