Win32/Dridex [Threat Name] go to Threat

Win32/Dridex.R [Threat Variant Name]

Category trojan
Size 4127 B
Detection created Jul 28, 2015
Detection database version 12007
Aliases TrojanDownloader:VBS/Drixed.D!lnk (Microsoft)
  VBS.DownLoader.294 (Dr.Web)
  LNK/Rogue.aiogqca (Avira)
  Trojan.LNK.HE (BitDefender)
Short description

Win32/Dridex.R is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan copies itself into the following location:

  • %temp%\­%originalmalwarefilename%

The following file is dropped in the same folder:

  • %temp%\­1.vbe (2637 B, Win32/Dridex.R)

The trojan executes the following command:

  • C:\­Windows\­System32\­cmd.exe /c copy *.wav.lnk %tmp%&%systemdrive%&cd %tmp%&for /F %i in ('dir /b /s *.wav.lnk') do set x=%i&findstr /R /C:"#@~" %x% >1.vbe&cscript 1.vbe
Other information

The trojan contains a URL address.


It tries to download a file from the address.


The file is stored in the following location:

  • %temp%\­mikapolne.exe

The file is then executed. The HTTP protocol is used.

Please enable Javascript to ensure correct displaying of this content and refresh this page.