VBA/TrojanDownloader.Agent.CGB [Threat Name] go to Threat

VBA/TrojanDownloader.Agent.CGB [Threat Variant Name]

Category trojan
Size 34086 B
Detection created Dec 20, 2016
Detection database version 14636
Aliases Trojan-Downloader.MSWord.Agent.asdfvh (Kaspersky)
  TrojanDownloader:O97M/Donoff.CD (Microsoft)
  W97M.DownLoader.1341 (Dr.Web)
Short description

VBA/TrojanDownloader.Agent.CGB is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.

Other information

The trojan contains a list of (3) URLs.


It tries to download a file from the addresses.


The file is stored in the following location:

  • %temp%\­bogort%number%

The %number% represents a random number.


The files contain encrypted executables.


After decryption the data is saved in the following files:

  • %temp%\­shtrina%number%.ero

The file is then executed. The HTTP protocol is used in the communication.


The %number% represents a random number.


Trojan requires the Microsoft Word to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.