MSIL/Pontoeb [Threat Name]

MSIL/Pontoeb.AB [Threat Variant Name]

Category trojan
Size 7248896 B
Detection created Jan 27, 2014
Detection database version 10071
Aliases Backdoor.Win32.Poison.giti (Kaspersky)
  VirTool:Win32/Vbinder (Microsoft)
Short description

MSIL/Pontoeb.AB is a trojan that installs MSIL/Pontoeb.N malware.

Installation

The trojan displays a fake error message:

  • Critical Error: Access violation at address 00477A78 in module svchost.exe. Write of address 00000000.

The trojan creates the following files:

  • %temp%\RMS20.exe (6500385 B, MSIL/Pontoeb.AB)
  • %temp%\p.exe (74240 B, MSIL/Pontoeb.N)

The files are then executed.

Other information

After the installation is complete, the trojan deletes the original executable file.


The trojan requires the Microsoft .NET Framework to run.
