Win32/Yebid [Threat Name]

Win32/Yebid.A [Threat Variant Name]

Category: trojan
Size: 131584 B
Detection created: Aug 21, 2012
Detection database version: 7406
Aliases: Trojan-Downloader.Win32.Small.bmky (Kaspersky)
         Trojan:Win32/Yebid.A (Microsoft)

Short description

Win32/Yebid.A is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan creates the following folders:

  • %currentfolder%\DigitalGlobe's Insurance Plans and Pension Summary Plan Descriptions\
  • %temp%\~unzip012~\

The trojan creates the following files:

  • %currentfolder%\DigitalGlobe's Insurance Plans and Pension Summary Plan Descriptions\DigitalGlobe's Insurance Plans and Pension Summary Plan Descriptions.pdf (20932 B)
  • %temp%\~unzip012~\msconfig.exe (7168 B, Win32/Yebid.A)

The trojan runs the following process:

  • %temp%\~unzip012~\msconfig.exe

After the installation is complete, the trojan deletes the original executable file.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL. The HTTP protocol is used.


The trojan tries to download a file from the Internet.


The file is stored in the following location:

  • %temp%\svc%variable%.tmp

The file is then executed.


A string with variable content is used instead of %variable%.
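
An added example, not part of the original description: a Python filter that checks process image paths (for instance, taken from process-creation logs) against the two executable locations named above. The event tuples, host names and the assumption that %temp% resolves to a directory named Temp are constructed for illustration.

```python
import re

# Assumption: %temp% expands to a directory whose last component is "Temp"
# (default per-user layout); adjust TEMP if the environment differs.
TEMP = r".*\\temp"

# Path patterns taken from the description above. %variable% is unknown,
# so any run of non-separator characters is accepted in its place.
RULES = [
    ("dropped-payload", re.compile(TEMP + r"\\~unzip012~\\msconfig\.exe$", re.I)),
    ("downloaded-file", re.compile(TEMP + r"\\svc[^\\]*\.tmp$", re.I)),
]

def classify(image_path):
    """Return the name of the rule matching a process image path, or None."""
    path = image_path.strip().strip('"')  # logs often quote the image path
    for name, pattern in RULES:
        if pattern.match(path):
            return name
    return None

def scan(events):
    """events: iterable of (host, image_path). Returns (host, image, rule) hits."""
    hits = []
    for host, image in events:
        rule = classify(image)
        if rule is not None:
            hits.append((host, image, rule))
    return hits

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Windows\System32\msconfig.exe"),   # same name, different path
    ("WS-02", r"C:\Users\alice\AppData\Local\Temp\~unzip012~\msconfig.exe"),
    ("WS-02", r"C:\Users\alice\AppData\Local\Temp\svc3f2a.tmp"),
    ("WS-03", r"C:\Users\bob\AppData\Local\Temp\svchost_update.log"),
    ("WS-04", r'"C:\DOCUME~1\carol\LOCALS~1\Temp\SVC91.TMP"'),  # quoted, upper case
]

if __name__ == "__main__":
    for host, image, rule in scan(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {image}")
```

The svc*.tmp pattern matches on name and location only, so a hit is a lead to triage rather than a confirmed detection.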
