Win32/TrojanDownloader.Small.CBA [Threat Name] go to Threat

Win32/TrojanDownloader.Small.CBA [Threat Variant Name]

Category trojan
Size 1968 B
Aliases Trojan-Downloader.Win32.Small.cba (Kaspersky)
  TrojanDownloader:Win32/Agenttiny (Microsoft)
Short description

Win32/TrojanDownloader.Small.CBA is a trojan which tries to download other malware from the Internet. The file is run-time compressed using FSG .

Installation

When executed, the trojan copies itself into the following location:

  • %windir%\­system32n%variable%

A string with variable content is used instead of %variable% .


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "RUN DLL" = "%windir%\­system32n%variable%"

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­wbd]
    • "httpkb1" = %variable%

The %variable% represents a random number.

Other information

Win32/TrojanDownloader.Small.CBA is a trojan which tries to download other malware from the Internet.


The trojan contains a URL address.


It tries to download a file from the address.


The file is stored in the following location:

  • %temp%\­q1.exe

The file is then executed. The HTTP protocol is used.

Please enable Javascript to ensure correct displaying of this content and refresh this page.