Win32/Buroonux [Threat Name]

Win32/Buroonux.A [Threat Variant Name]

Category: trojan
Size: 73728 B
Detection created: Jul 07, 2014
Detection database version: 10056
Aliases: Trojan:Win32/Buroonux.A (Microsoft), Trojan.MulDrop5.33375 (Dr.Web)

Short description

Win32/Buroonux.A is a trojan that steals sensitive information. The trojan is probably a part of other malware.

Installation

When executed, the trojan creates the following files:

  • %commonappdata%\Microsoft\Windows\LiveUpdata_Mem\CrtRunTime.log (53248 B, Win32/Buroonux.A)
  • %commonappdata%\Microsoft\Windows\Burn\%computername%.dll (Win32/Buroonux.A)
  • %currentfolder%\1.dll (53248 B)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
    • "%computername%" = "%system%\rundll32.exe "%commonappdata%\Microsoft\Windows\Burn\%computername%.dll ServiceMain""

The trojan may set the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    • "shell" = "explorer.exe,"%system%\rundll32.exe %commonappdata%\Microsoft\Windows\Burn\%computername%.dll ServiceMain""
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows Media]
    • "XC" = %binaryvalue%
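
The following is an added example, not part of the original description or the vendor's own tooling: a Python check that matches the registry values listed above against (key, value name, data) tuples taken from a registry listing. The host name WKSTN-042, the expanded paths and the sample entries are constructed for illustration.

```python
import re

# Registry locations and value names as listed in the description above.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run"
WINLOGON_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
MEDIA_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows Media"

def burn_dll_command(commonappdata, computername):
    # Matches rundll32.exe loading <commonappdata>\Microsoft\Windows\Burn\<computername>.dll
    # with the ServiceMain export, with or without the quotes shown in the description.
    dll = "\\".join([commonappdata, "Microsoft", "Windows", "Burn", computername + ".dll"])
    return re.compile(r'rundll32\.exe"?\s+"?' + re.escape(dll) + r'"?\s+ServiceMain', re.I)

def check_entries(entries, commonappdata, computername):
    # entries: iterable of (key, value_name, data); key and value names compare case-insensitively.
    pattern = burn_dll_command(commonappdata, computername)
    findings = []
    for key, name, data in entries:
        k, n = key.lower(), name.lower()
        if k == RUN_KEY.lower() and n == computername.lower() and pattern.search(data):
            findings.append(("run-key", key, name))
        elif k == WINLOGON_KEY.lower() and n == "shell" and pattern.search(data):
            findings.append(("winlogon-shell", key, name))
        elif k == MEDIA_KEY.lower() and n == "xc":
            # Presence only: the description gives no content for this binary value,
            # so treat it as a supporting signal, not proof on its own.
            findings.append(("media-xc-value", key, name))
    return findings

# Constructed sample data: host name, expanded paths and entries are illustrative only.
HOST, APPDATA = "WKSTN-042", r"C:\ProgramData"
SAMPLE = [
    (RUN_KEY, "WKSTN-042",
     r'C:\Windows\system32\rundll32.exe "C:\ProgramData\Microsoft\Windows\Burn\WKSTN-042.dll ServiceMain"'),
    (WINLOGON_KEY, "Shell",
     r'explorer.exe,"C:\Windows\system32\rundll32.exe C:\ProgramData\Microsoft\Windows\Burn\WKSTN-042.dll ServiceMain"'),
    (MEDIA_KEY, "XC", "<binary>"),
    (WINLOGON_KEY, "Shell", "explorer.exe"),                      # benign default
    (RUN_KEY, "Updater", r"C:\Program Files\Vendor\updater.exe"),  # benign, constructed
]

if __name__ == "__main__":
    for kind, key, name in check_entries(SAMPLE, APPDATA, HOST):
        print(f"{kind}: {key} -> {name}")
```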

The trojan may create and run a new thread with its own program code within any running process.

After the installation is complete, the trojan deletes the original executable file.

Other information

It may perform the following actions:

  • monitor network traffic
  • run executable files
  • delete Registry entries
  • create Registry entries
  • create files
  • delete files
