ABox Trojan Downloader Information
High risk threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction. Such threats may open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures, and may use a security flaw in the operating system to gain access to your computer.
ABox is an adult-related adware component that uses trojan techniques to install itself.
ABox is equipped with a trojan downloader that retrieves files from a remote FTP server. ABox's controlling server is located at http://188.8.131.52.
ABox installs an application into the Windows system tray (abox.exe) that is loaded from the startup registry. This application displays links to adult-related content from http://www.fast-loto.com.
ABox is associated with http://www.voicekampala.com, Voice Ltd., based out of Uganda. The Thawte code signing cert for the ABox installer was issued to Voice Ltd. "Voice's mission is producing interactive crossmedia applications that fulfil the vision of a multichannel, multidevice future. We want to help our clients build compelling e-commerce, content and community services that can be used by anyone, anywhere and at any time, using any Internet device including PCs, mobile phones, PDAs, digital TV platforms or any other gadget connected to the Net. We strive to build interesting destinations that empower people to interact with one another and build communities."
process: logon.exe: MD5 Hash: 54aa6971dfe66c6e684...
process: abox.exe: MD5 Hash: ...
process: aboxinst_int2.exe: MD5 Hash: 8e8f6252fe26d05d237...
process: abox.exe: MD5 Hash: 9d12f918a1c6d342aea...
process: leisureboxinst_ppi1a.exe: MD5 Hash: 87ebec9c07ebea7ccc8...
process: pi1_51.exe: MD5 Hash: 2d93b854d57c2b2061e...
process: leisureboxinst_ppi1.exe: MD5 Hash: beecc7c04565d9b430d...
process: pi1_51.exe: MD5 Hash: c4503b432c8009833e5..
Trojan Downloader - Trojan software is any software on a user's computer that the user is not aware of or did not intentionally install. Most Trojan software is designed to perform actions that could jeopardize the user's security or privacy.