Win32/TrojanDownloader.Small.CBA [Threat Name] go to Threat
Win32/TrojanDownloader.Small.CBA [Threat Variant Name]
Category | trojan |
Size | 1968 B |
Aliases | Trojan-Downloader.Win32.Small.cba (Kaspersky) |
TrojanDownloader:Win32/Agenttiny (Microsoft) |
Short description
Win32/TrojanDownloader.Small.CBA is a trojan which tries to download other malware from the Internet. The file is run-time compressed using FSG .
Installation
When executed, the trojan copies itself into the following location:
- %windir%\system32n%variable%
A string with variable content is used instead of %variable% .
In order to be executed on every system start, the trojan sets the following Registry entry:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "RUN DLL" = "%windir%\system32n%variable%"
The trojan may set the following Registry entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\wbd]
- "httpkb1" = %variable%
The %variable% represents a random number.
Other information
Win32/TrojanDownloader.Small.CBA is a trojan which tries to download other malware from the Internet.
The trojan contains a URL address.
It tries to download a file from the address.
The file is stored in the following location:
- %temp%\q1.exe
The file is then executed. The HTTP protocol is used.