Downloader-CBG Description
Downloader-CBG is Trojan downloader that may infect a compromised system with additional malware. Downloader-CBG may enter systems via unsolicited e-mails or drive-by downloads. Once inside a system, Downloader-CBG may download backdoor or spyware programs that will put a victim's confidential information at risk of being stolen. Downloader-CBG may also make changes to the registry as well as create a start-up registry key.
Technical Information
File System Details
Downloader-CBG creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %Temp%\info_y8.exe | N/A + |
| 2 | %System%\Com\comadmine.dll | N/A + |
| 3 | %System%\Servicx.exe | N/A + |
| 4 | %System%\tlntsvi_5033.exe | N/A + |
| 5 | %DesktopDir%\Internet Explorer.lnk | N/A + |
Registry Details
Downloader-CBG creates the following registry entry or registry entries:
RegistryKey
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sanseex\Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sanseex]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sanseex\Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\open\Command]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sanseex]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\open]