MSIL/Fbtaken [Threat Name]
MSIL/Fbtaken.B [Threat Variant Name]
| Detection created | Nov 07, 2016 |
| Signature database version | 14404 |
The trojan serves as a backdoor. It can be controlled remotely.
The trojan does not create any copies of itself.
The trojan schedules a task that causes the following file to be executed repeatedly:
The trojan executes the following command:
- schtasks /Create /SC MINUTE /TN\"fbapp\" /MO 5 /TR\"\"%malwarefilepath%\"\" /F /RL HIGHEST
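The following Python check is an added example, not part of the original description: it parses schtasks command lines from process-creation logs, tolerating the backslash-escaped, unspaced quoting shown above, and flags task creation that uses the task name from this page or the same minute-interval, highest-run-level, forced-overwrite combination under any name. Every sample event except the first is constructed, and the function names and the three-trait threshold are assumptions made for the example.

```python
import re

TASK_NAME_IOC = "fbapp"  # task name taken from the command on this page
# A switch, optional whitespace, then a value made of quoted and unquoted runs.
_SWITCH = re.compile(r'/([A-Za-z]+)\s*((?:"[^"]*"|[^\s"/][^\s"]*)*)')

def parse_schtasks(cmdline):
    """Return {SWITCH: value} for a schtasks command line, else None."""
    if not re.search(r'\bschtasks(\.exe)?\b', cmdline, re.I):
        return None
    # Logged command lines may keep backslash-escaped quotes, as on this page.
    flat = cmdline.replace('\\"', '"')
    return {m.group(1).upper(): m.group(2).replace('"', '')
            for m in _SWITCH.finditer(flat)}

def score(cmdline):
    """List the traits a command line shares with the persistence command."""
    sw = parse_schtasks(cmdline)
    if sw is None or "CREATE" not in sw:
        return []
    hits = []
    if sw.get("TN", "").lower() == TASK_NAME_IOC:
        hits.append("task-name-ioc")
    mo = sw.get("MO", "1")  # schtasks defaults the modifier to 1
    if sw.get("SC", "").upper() == "MINUTE" and mo.isdigit() and int(mo) <= 5:
        hits.append("minute-interval")
    if sw.get("RL", "").upper() == "HIGHEST":
        hits.append("highest-run-level")
    if "F" in sw:
        hits.append("force-overwrite")
    return hits

def triage(events):
    """Return (index, hits) for events with the IoC name or 3+ traits (assumed threshold)."""
    flagged = []
    for i, cmd in enumerate(events):
        hits = score(cmd)
        if "task-name-ioc" in hits or len(hits) >= 3:
            flagged.append((i, hits))
    return flagged

SAMPLE_EVENTS = [
    # The command exactly as printed on this page:
    r'schtasks /Create /SC MINUTE /TN\"fbapp\" /MO 5 /TR\"\"%malwarefilepath%\"\" /F /RL HIGHEST',
    # Constructed command lines for the example:
    r'schtasks.exe /create /sc minute /mo 5 /tn "fbapp" /tr "C:\Users\Public\sample.exe" /f /rl highest',
    r'schtasks /Create /SC DAILY /TN "BackupJob" /TR "C:\Tools\backup.cmd" /ST 02:00',
    r'schtasks /Query /TN "fbapp"',
]
```

A pattern that expects whitespace between `/TN` and its value misses the first event; the parser above treats both quoting styles the same.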
The trojan collects the following information:
- country code
- malware version
The following programs are affected:
- Google Chrome
- Internet Explorer
- Mozilla Firefox
The trojan attempts to send gathered information to a remote machine.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of 2 URLs. It communicates over HTTP.
It can execute the following operations:
- "like" posts on social networks
- share posts on social networks
- create posts on social networks
- steal social network account credentials
The following social networking sites are affected:
The trojan keeps various information in the following Registry key:
The trojan keeps various information in the following files:
The trojan requires the Microsoft .NET Framework to run.