Modified by: Jaime Benigno Reyes

ALIASES:

TrojanDownloader:Win32/Brantall.C (Microsoft); Trojan.Gen.3 (Symantec); Trojan-Downloader.Win32.BrainInst.gb (Kaspersky); InstallBrain (fs) (Sunbelt); Trojan horse Downloader.Generic13.BRCS (AVG)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This adware may be manually installed by a user.

  TECHNICAL DETAILS

File Size: 737,568 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 24 Oct 2014

Arrival Details

This adware may be manually installed by a user.

Installation

This adware creates the following folders:

  • %User Temp%\ibtmpc810632

(Note: %User Temp% is the user's temporary folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)

Other Details

This adware connects to the following possibly malicious URL:

  • http://www.{BLOCKED}ogic.com/installer/632/start.cf?cmp=34&sub=4019&rkey={random key}