
Trojan.Bredolab.BR

Threat level: MEDIUM
Size: ~22KB
Aliases: W32/Bredolab.T.gen!Eldorado, Generic Dropper.lr, Packed.Win32.Krap.x

Symptoms

- unusual processes may appear in Task Manager

- fake warnings about alleged infections may be shown by the rogue security software it downloads

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Marius Vanta, virus researcher

Technical Description:

Trojan.Bredolab.BR is another, somewhat unusual, variant of the widespread Bredolab malware family.

Unlike some older variants, this one has very simple behaviour: all it does is download other malware components. Despite that limited functionality it is well protected against analysis and anti-malware programs. A custom packer with heavily obfuscated code wraps the small malicious payload, so there is little plain code for a signature-based scanner to match, which makes detection hard for standard antivirus engines.
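The packing described above leaves a measurable trace: a small unpacker stub followed by a large high-entropy blob. The following Python script is an added example, not code from Bitdefender or from this analysis, of the entropy heuristic an analyst would run before opening such a sample in a debugger. The byte strings it scans are constructed stand-ins (a repetitive stub plus pseudo-random data), not bytes from a real Bredolab binary; the window size and the 7.2 bits/byte threshold are assumptions that work for this sample and would be tuned per corpus.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random, encrypted or packed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, window: int = 1024) -> list:
    """Entropy of each fixed-size window, in file order (the last window may be shorter)."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def packed_regions(data: bytes, window: int = 1024, threshold: float = 7.2) -> list:
    """Return (start, end) byte offsets of contiguous runs of high-entropy windows."""
    regions = []
    start = None
    for idx, e in enumerate(entropy_profile(data, window)):
        high = e >= threshold
        if high and start is None:
            start = idx
        elif not high and start is not None:
            regions.append((start * window, idx * window))
            start = None
    if start is not None:
        regions.append((start * window, len(data)))
    return regions


def looks_packed(data: bytes, window: int = 1024, threshold: float = 7.2,
                 min_fraction: float = 0.5) -> bool:
    """Heuristic: flag the file when at least min_fraction of its bytes sit in high-entropy runs."""
    if not data:
        return False
    covered = sum(end - start for start, end in packed_regions(data, window, threshold))
    return covered / len(data) >= min_fraction


# Constructed sample (assumption, not a real Bredolab file): a 2 KB repetitive "stub"
# of x86-looking bytes followed by 20 KB of pseudo-random bytes standing in for the
# packed payload. The seed makes the sample reproducible.
_rng = random.Random(1)
STUB = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x90, 0x90] * 256)
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(20 * 1024))
SAMPLE = STUB + PAYLOAD
# Control input: plain text, low entropy, must not be flagged.
PLAIN_TEXT = b"The quick brown fox jumps over the lazy dog. " * 500

if __name__ == "__main__":
    print("stub entropy   :", round(shannon_entropy(STUB), 2))
    print("payload entropy:", round(shannon_entropy(PAYLOAD), 2))
    print("packed regions :", packed_regions(SAMPLE))
    print("sample packed  :", looks_packed(SAMPLE))
    print("text packed    :", looks_packed(PLAIN_TEXT))
```

The region list is the useful output: it tells you where the unpacker stub ends and the encrypted payload begins, which is where a breakpoint on the transition to the unpacked code pays off. On a real PE the same scan is normally run per section, and a tiny import table next to a high-entropy region is a second strong hint that the imports are resolved at run time after unpacking.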

The file carries an apparently harmless, document-like icon, which leads an unsuspecting user to assume it can do no harm. On execution it unpacks its code and tries to connect to several remote addresses over HTTP to download and execute other trojans, usually rogue antivirus or antispyware scanners (such as PC Antispyware 2010).

As noted above, this particular variant does virtually nothing beyond downloading other malicious files. For example, it does not register itself to start automatically at system start-up, nor does it inject code into other processes as some other variants do.
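Because the variant neither persists nor injects, the behaviour worth alerting on is the chain itself: a non-browser process talks HTTP, writes an executable, and then becomes the parent of that executable. The Python below is an added example, not part of the original analysis or of any Bitdefender product, of that correlation run over constructed endpoint events. The event shape is a simplified Sysmon-like form (assumed: event id 1 = process create, 3 = network connection, 11 = file create, with the field names used here), the file paths and PIDs are invented for the example, and the browser allowlist and HTTP port set are assumptions to tune locally.

```python
from collections import defaultdict

# Constructed events (assumption: simplified Sysmon-like records, time-ordered).
EVENTS = [
    # Benign: explorer.exe talks HTTP, later starts notepad, but never dropped notepad.exe.
    {"id": 3, "pid": 812, "image": r"C:\Windows\explorer.exe", "dst_port": 80},
    {"id": 1, "pid": 1000, "ppid": 812, "image": r"C:\Windows\System32\notepad.exe"},
    # Benign: a browser downloads a document; no executable is written or launched.
    {"id": 3, "pid": 900, "image": r"C:\Program Files\Google\Chrome\chrome.exe", "dst_port": 80},
    {"id": 11, "pid": 900, "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "target": r"C:\Users\bob\Downloads\report.pdf"},
    # Suspicious: document-looking file launched by the user, fetches and runs a payload.
    {"id": 1, "pid": 1204, "ppid": 812, "image": r"C:\Users\bob\Downloads\invoice.exe"},
    {"id": 3, "pid": 1204, "image": r"C:\Users\bob\Downloads\invoice.exe", "dst_port": 80},
    {"id": 11, "pid": 1204, "image": r"C:\Users\bob\Downloads\invoice.exe",
     "target": r"C:\Users\bob\AppData\Local\Temp\av2010.exe"},
    {"id": 1, "pid": 1388, "ppid": 1204, "image": r"C:\Users\bob\AppData\Local\Temp\av2010.exe"},
]

EXEC_EXT = (".exe", ".dll", ".scr")                      # assumption: extensions worth tracking
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}  # assumed allowlist
HTTP_PORTS = {80, 8080}                                  # assumption: plain-HTTP ports of interest


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def find_download_and_execute(events) -> list:
    """Correlate per-PID state across events and return one alert per download-and-execute chain."""
    state = defaultdict(lambda: {"image": None, "http": False, "dropped": set()})
    alerts = []
    for ev in events:
        pid = ev["pid"]
        if ev["id"] == 1:
            state[pid]["image"] = ev["image"]
            parent = state.get(ev["ppid"])  # .get() does not create a default entry
            if parent and parent["http"] and ev["image"].lower() in parent["dropped"]:
                alerts.append({
                    "downloader_pid": ev["ppid"],
                    "downloader": parent["image"],
                    "payload_pid": pid,
                    "payload": ev["image"],
                })
        elif ev["id"] == 3:
            if ev["dst_port"] in HTTP_PORTS and basename(ev["image"]) not in BROWSERS:
                state[pid]["http"] = True
        elif ev["id"] == 11:
            if ev["target"].lower().endswith(EXEC_EXT):
                state[pid]["dropped"].add(ev["target"].lower())
    return alerts


if __name__ == "__main__":
    for alert in find_download_and_execute(EVENTS):
        print(alert)
```

The alert deliberately carries the payload path and PID rather than just the downloader: since this variant installs no autostart entry, the downloader is gone after a reboot and whatever it fetched (here the rogue scanner) is what a responder still has to find and remove. Requiring all three links (HTTP from a non-browser, executable written, that exact file launched as a child) keeps ordinary software updaters and explorer-spawned processes out of the results.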