VBA/TrojanDownloader.Agent.CGB [Threat Name] go to Threat

VBA/TrojanDownloader.Agent.CGB [Threat Variant Name]

Category trojan
Size 34086 B
Aliases Trojan-Downloader.MSWord.Agent.asdfvh (Kaspersky)
  TrojanDownloader:O97M/Donoff.CD (Microsoft)
  W97M.DownLoader.1341 (Dr.Web)
Short description

VBA/TrojanDownloader.Agent.CGB is a trojan which tries to download other malware from the Internet.


The trojan does not create any copies of itself.

Other information

The trojan contains a list of (3) URLs.

It tries to download a file from the addresses.

The file is stored in the following location:

  • %temp%\­bogort%number%

The %number% represents a random number.

The files contain encrypted executables.

After decryption the data is saved in the following files:

  • %temp%\­shtrina%number%.ero

The file is then executed. The HTTP protocol is used in the communication.

The %number% represents a random number.

Trojan requires the Microsoft Word to run.

Please enable Javascript to ensure correct displaying of this content and refresh this page.