Analysis by: Vincent Martin Hermosura

ALIASES:

TrojanDownloader:O97M/Lerkdoto.A (Microsoft), Trojan.Mdropper (Symmantec), Exploit-FCB!716A94594112 (Mcafee), Troj/DocDl-N (Sophos), W97M.Downloader.W (Bitdefender), Trojan-Downloader.VBA.Agent (Ikarus), VBA/TrojanDownloader.Agent.AE trojan (Esset)

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

  TECHNICAL DETAILS

Tamaño del archivo 34816 bytes
Tipo de archivo DOC
Fecha de recepción de las muestras iniciales 12 Aug 2014

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Download Routine

This Trojan accesses the following websites to download files:

  • http://{BLOCKED}ansteve.com/torrent.exe

It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.