Win32/TrojanDownloader.Agent.AXM [Threat Name]

Win32/TrojanDownloader.Agent.AXM [Threat Variant Name]

Category: trojan
Size: 643130 B
Detection created: Nov 19, 2014
Detection database version: 10748
Aliases: Trojan-Downloader.Win32.Bavload.a (Kaspersky)
  TrojanDownloader:Win32/Bavload.A (Microsoft)
  Trojan.Gen (Symantec)

Short description

Win32/TrojanDownloader.Agent.AXM is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The trojan may create the following files:

  • %currentfolder%\sd.bat
  • %currentfolder%\an.bat

Other information

The trojan checks for Internet connectivity by trying to connect to the following address:

  • http://www.baidu.com/search/error.html

The trojan contains a list of 2 URLs.

It tries to download several files from these addresses.


These are stored in the following locations:

  • %programfiles%\BaiduEx\BaiduSd.txt
  • %programfiles%\BaiduEx\BaiduAn.txt

The files are then executed. The HTTP protocol is used.


The trojan attempts to delete the following files:

  • %commondesktopdirectory%\百度杀毒.lnk
  • %commondesktopdirectory%\百度卫士.lnk
  • %programfiles%\baidu\BaiduAn\2.3.0.2225\uninst.exe
  • %programfiles%\baidu\BaiduSd\1.8.0.1255\uninst.exe
  • %programfiles%\BaiduEx\BaiduAn.txt
  • %programfiles%\BaiduEx\BaiduLog.txt
  • %programfiles%\BaiduEx\BaiduSd.txt
  • %currentfolder%\log.txt

The trojan interferes with the operation of some security applications to avoid detection.
