Win32/TrojanDownloader.Carberp [Threat Name] go to Threat

Win32/TrojanDownloader.Carberp.B [Threat Variant Name]

Category trojan
Size 67584 B
Aliases Trojan.Win32.Agent.eegl (Kaspersky)
  Trojan.PWS.Banker.48345 (Dr.Web)
  Suspicious:W32/Malware!Gemini (F-Secure)
Short description

The trojan serves as a backdoor. It can be controlled remotely. The trojan tries to download and execute several files from the Internet.


When executed, the trojan creates the following files:

  • %startup%\­ntuser_mssec.exe (67584 B)
  • %temp%\­%variable%.tmp

A string with variable content is used instead of %variable% .

Information stealing

The following information is collected:

  • information about the operating system and system settings

The trojan can send the information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (4) URLs. The HTTP protocol is used.

It can execute the following operations:

  • log keystrokes
  • steal information from the Windows clipboard
  • monitor network traffic
  • download files from a remote computer and/or the Internet
  • run executable files
  • collect information about the operating system used

The trojan may create and run a new thread with its own program code within any running process.

Please enable Javascript to ensure correct displaying of this content and refresh this page.