Win32/RBrute [Threat Name]

Win32/RBrute.B [Threat Variant Name]

Category trojan
Size 15872 B
Detection created Mar 26, 2014
Detection database version 9598
Aliases Trojan.Win32.Agent.ibxz (Kaspersky)
  Trojan:Win32/Malagent (Microsoft)
  Trojan.Pramro (Symantec)
  Win32:Dropper-gen (Avast)
Short description

The trojan serves as a proxy server and is probably part of other malware. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.


The following Registry entry is set:

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    • "%malwarefilepath%" = "%malwarefilepath%:*:Enabled:ipsec"

This entry creates an exception for the trojan's file in Windows Firewall.
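The following check is an added example, not part of the original description: it parses the text output of `reg query` for the key above and flags exceptions with the same shape as the entry listed (value name equal to the file path, scope `*`, enabled, label `ipsec`). The function names and the sample output are constructed for illustration, and scopes containing colons (for example IPv6 ranges) are not handled.

```python
import re

# Value lines in `reg query` output: 4-space indent, name, type, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}REG_SZ\s{4}(?P<data>.*)$")
# AuthorizedApplications data: <path>:<scope>:<Enabled|Disabled>:<label>.
# The path itself contains a drive colon, so it is matched lazily.
ENTRY = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$",
    re.IGNORECASE,
)

def parse_exceptions(reg_output):
    """Yield (value_name, path, scope, state, label) for each parsable entry."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        e = ENTRY.match(m.group("data"))
        if e:
            yield (m.group("name"), e.group("path"), e.group("scope"),
                   e.group("state").lower(), e.group("label"))

def rbrute_like(reg_output):
    """Return paths whose exception matches the shape listed on this page:
    value name == path, any remote scope (*), enabled, label 'ipsec'."""
    hits = []
    for name, path, scope, state, label in parse_exceptions(reg_output):
        if (name.lower() == path.lower() and scope == "*"
                and state == "enabled" and label.lower() == "ipsec"):
            hits.append(path)
    return hits

# Constructed sample output (all paths are made up for this example).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Program Files\Example App\app.exe    REG_SZ    C:\Program Files\Example App\app.exe:LocalSubNet:Enabled:Example App
    C:\Users\user\AppData\Local\Temp\sample.exe    REG_SZ    C:\Users\user\AppData\Local\Temp\sample.exe:*:Enabled:ipsec
    C:\Tools\old.exe    REG_SZ    C:\Tools\old.exe:*:Disabled:ipsec
"""

if __name__ == "__main__":
    for p in rbrute_like(SAMPLE):
        print("review firewall exception for:", p)
```

A match is a lead for review of the referenced file, not a verdict on its own.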

Other information

The trojan opens TCP port 80. A SOCKS proxy is listening there.


The trojan connects to the following addresses:

  • http://17%removed%47:108/?s=%number%