| Malware name | Trojan.Dldr.FraudLoa.NC |
| Type | Trojan |
| Affected platform | Win32 |
| Media-Type | application/executable |
| MD5 checksum | 5A0C6DB22F7745D56CD2EFFC3FF86BFC |
| Static file | no |
| Filesize | 94,208 Bytes |

Alias names (also known as)

| Sophos | Troj/FakeAle-ES |
| McAfee | FakeAlert-AQ |
| CA ETrust | Win32/FakeAlert.AL |

| Side effects | Blocks access to certain websites; drops a file |
| Propagation | No own spreading routine |

Description:
Files
The following file is created:
– %TEMPDIR%\adpg.bat
The batch file is executed as soon as it has been fully created. It is used to delete a file.
Hosts
– Access to the following domains is redirected to other destinations:
File details
Programming language:
The malware program was written in MS Visual C++.