Trojan.Downloader.JS.Agent.PB

HIGH
MEDIUM
~2.5 kbytes
(Exploit:Win32/Senglot.J; Trojan-Downloader:JS/Agent.CQY; JS/TrojanDownloader.Agent.NDL)

Symptoms

    This is a script that downloads a file and saves it on the user's computer as a.exe, so there are no obvious symptoms unless the download succeeds and the script executes the downloaded file.

Removal instructions:

Please let BitDefender delete your files.

Analyzed By

Dana Stanut, virus researcher

Technical Description:

    This trojan is written in JavaScript and exploits a buffer overflow vulnerability in the BaoFeng Storm ActiveX control (identified by the following CLSID: 6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB). It does so by passing a long argument to the rawParse() method of Mps.dll.
    If the code stored in a JavaScript unescape() sequence is executed, it downloads malware from the following URL: http://www.[removed]hena.com/test.exe, saves it as a.exe and then executes it. At the time this description was written, the URL was not active.
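
As an added example (not BitDefender's detection logic), the following static check could be run by a proxy or mail gateway over HTML/JavaScript to look for the pattern described above: the Storm control's CLSID, a rawParse() call and a long unescape() blob. The threshold, the indicator names and the sample pages are assumptions constructed for illustration.

```python
import re

# CLSID of the BaoFeng Storm ActiveX control, as given in the description.
STORM_CLSID = "6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB"
# Assumed threshold for this example: runs of %uXXXX this long are rarely benign.
MIN_ESCAPED_UNITS = 16

CLSID_RE = re.compile(r"clsid:\s*\{?" + re.escape(STORM_CLSID), re.I)
RAWPARSE_RE = re.compile(r"\.\s*rawParse\s*\(", re.I)
BLOB_RE = re.compile(
    r"unescape\s*\(\s*[\"'](?:%u[0-9a-f]{4}){" + str(MIN_ESCAPED_UNITS) + r",}",
    re.I,
)


def scan_page(text):
    """Return the set of indicator names found in an HTML/JS document."""
    found = set()
    if CLSID_RE.search(text):
        found.add("storm-clsid")
    if RAWPARSE_RE.search(text):
        found.add("rawparse-call")
    if BLOB_RE.search(text):
        found.add("escaped-blob")
    return found


def verdict(text):
    """Combine indicators: the control plus rawParse() is the core pattern."""
    found = scan_page(text)
    if {"storm-clsid", "rawparse-call"} <= found:
        return "block" if "escaped-blob" in found else "review"
    return "review" if "escaped-blob" in found else "clean"


# Constructed, non-functional samples (placeholder bytes, undefined argument).
SAMPLE_HIT = (
    '<object classid="clsid:6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB" id="ctl">'
    "</object><script>var s = unescape('" + "%u4141" * 32 + "');"
    "ctl.rawParse(arg);</script>"
)
SAMPLE_EMBED_ONLY = (
    '<object classid="clsid:{6be52e1d-e586-474f-a6e2-1a85a9b4d9fb}"></object>'
)
SAMPLE_CLEAN = "<script>document.title = unescape('%u0048%u0069');</script>"

if __name__ == "__main__":
    for name, page in [("hit", SAMPLE_HIT), ("embed", SAMPLE_EMBED_ONLY), ("clean", SAMPLE_CLEAN)]:
        print(name, verdict(page), sorted(scan_page(page)))
```

A page that only embeds the control is reported as clean here, since embedding the player is legitimate on its own; scripts that assemble the CLSID or the blob by string concatenation are outside what this text match covers.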