
\stub\stub1.4_newmod\WinSrv.vbp

I found a VB malware inside a WinRar sfx. This malware retrieves a dropper from a website,
and the dropper writes a trojan (TR/Buzus.ztk in AVIRA naming) to the hard disk.

The WinRar sfx extracts two files into the user's TEMP folder, start.exe and the original sfx archive,
then executes start.exe (the malware) and the sfx.

The malware fetches the dropper from a URL (hxxp://67.159.57.83/setup.exe) using wininet.InternetOpenUrlA.

The dropper writes an exe file (Setup_ver1.1585.2.exe) to the folder; that file is the trojan.

start.exe
089e63cfe70aebc52fe5b087cc5dd2a4

setup.exe
799b4296dd74a2adaaf30b903759db82

Setup_ver1.1585.2
f42e34cedc6e5ff0957ec60d58b5f8da
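As an added triage example (my own code, not part of the original analysis), the script below checks a suspect file against the indicators listed above: the three hashes, the VB project path, the download URL, the dropped file name and the wininet import. It assumes the listed hashes are MD5 (32 hex characters, the usual AV convention) and relies on the fact that VB6 compiles string literals as UTF-16LE while import names stay ASCII, so each indicator is searched in both encodings; an ASCII-only string scan would miss the URL in the VB downloader. The two sample buffers are constructed stand-ins, not the real samples.

```python
import hashlib

# Indicators taken from the analysis above. The hash algorithm (MD5) is assumed
# from the 32-hex-character length; the page itself does not name it.
KNOWN_HASHES = {
    "089e63cfe70aebc52fe5b087cc5dd2a4": "start.exe (VB downloader)",
    "799b4296dd74a2adaaf30b903759db82": "setup.exe (dropper)",
    "f42e34cedc6e5ff0957ec60d58b5f8da": "Setup_ver1.1585.2.exe (TR/Buzus.ztk)",
}

# Strings worth looking for in a suspect binary: the project path, the API it
# imports, the download location (defanged as on the page) and the dropped name.
INDICATOR_STRINGS = [
    r"\stub\stub1.4_newmod\WinSrv.vbp",
    "InternetOpenUrlA",
    "67.159.57.83/setup.exe",
    "Setup_ver1.1585.2.exe",
]


def find_string(data: bytes, needle: str) -> list:
    """Return the encodings in which needle occurs in data.

    VB6 keeps string literals as UTF-16LE, while import names such as
    InternetOpenUrlA are plain ASCII in the import table, so both are checked.
    """
    hits = []
    if needle.encode("ascii") in data:
        hits.append("ascii")
    if needle.encode("utf-16-le") in data:
        hits.append("utf-16le")
    return hits


def triage(data: bytes) -> dict:
    """Hash the blob and scan it for the indicators; return a small report."""
    md5 = hashlib.md5(data).hexdigest()
    indicators = {}
    for s in INDICATOR_STRINGS:
        enc = find_string(data, s)
        if enc:
            indicators[s] = enc
    return {
        "md5": md5,
        "known_as": KNOWN_HASHES.get(md5),
        "indicators": indicators,
        "suspicious": bool(indicators) or md5 in KNOWN_HASHES,
    }


# Constructed sample buffers (not real malware). The first mimics the
# downloader's layout: an ASCII import name and a UTF-16LE string literal.
SAMPLE_SUSPECT = (
    b"MZ" + b"\x00" * 64
    + b"wininet.dll\x00InternetOpenUrlA\x00"
    + "hxxp://67.159.57.83/setup.exe".encode("utf-16-le")
    + b"\x00" * 32
)
SAMPLE_CLEAN = b"MZ" + b"\x00" * 64 + b"kernel32.dll\x00ExitProcess\x00"


if __name__ == "__main__":
    import sys

    # With no arguments, run against the constructed samples; otherwise scan files.
    if len(sys.argv) == 1:
        for name, blob in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
            print(name, triage(blob))
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, triage(f.read()))
```

Run it with the paths of the extracted files (start.exe, setup.exe and the dropped Setup_ver1.1585.2.exe) from a copy taken on an isolated analysis box; a hash match identifies the exact sample, while string hits alone flag a recompiled variant that shares the same project path or download location.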