VBA/TrojanDownloader.Agent.CFX [Threat Name] go to Threat

VBA/TrojanDownloader.Agent.CFX [Threat Variant Name]

Category trojan
Size 34874 B
Detection created Dec 20, 2016
Signature database version 14634
Aliases Trojan-Downloader.MSWord.Agent.asdfvh (Kaspersky)
  W97M.Downloader (Symantec)
  TrojanDownloader:O97M/Donoff.CD (Microsoft)
Short description

VBA/TrojanDownloader.Agent.CFX is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.

Other information

The trojan contains a list of (3) URLs.


It tries to download a file from the addresses. The HTTP protocol is used.


The files are stored in the following locations:

  • %temp%\­bogort%variable%

The %variable% is one of the following strings:

  • 0
  • 2
  • 4

The files contain encrypted executables.


After decryption the data is saved in the following files:

  • %temp%\­shtrina%variable%.ero

The files are then executed.


Trojan requires the Microsoft Word to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.