Lavasoft Malware Labs Blog
Malware Encyclopedia
Susp_Dropper (Kaspersky), LooksLike.Win32.Malware!B (v) (VIPRE), Email-Worm.Win32.Brontok!IK (Emsisoft), Virus.Win32.Duel.FD, GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Worm, Email-Worm, Virus, IRCBot
HEUR:Trojan.Win32.Generic (Kaspersky), Worm.Win32.Dorkbot (VIPRE), Worm.Win32.Dorkbot!IK (Emsisoft), Backdoor.Win32.Farfli.FD, Worm.Win32.Dorkbot.FD, BankerGeneric.YR, GenericInjector.YR, GenericPhysicalDrive0.YR, WormDorkbot.YR, GenericAutorunWorm.YR, GenericIRCBot.YR, GenericDNSBlocker.YR, GenericUDPFlooder.YR, GenericSYNFlooder.YR, GenericProxy.YR, GenericUSBInfector.YR, GenericMSNWorm.YR (Lavasoft MAS)
Behaviour: Banker, Trojan, Backdoor, Flooder, Worm, WormAutorun, IRCBot, MSNWorm, DNSBlocker, UDPFlooder, SYNFlooder, Trojan-Proxy, USBInfector
Platform: Win32
Type: Trojan
Size: 260691 bytes
Packer: unknown
Unpacked size: 368 Kb
Language: C++
MD5: 8118f3a4ff2d8d79a72b08f44a5f4310
SHA1: 3c4aa92c7bbda1c27b2600af9158aa8dbac1a4bf
Aliases: Trojan.Win32.Generic!BT, Worm:Win32/Neeris.gen!C, IRCbot
Summary
Blazebot is designed to steal users’ confidential data.
The Trojan’s name is taken from the string found in the memory dump of the Trojan process:
HEUR:Trojan.Win32.Generic (Kaspersky), Worm.Win32.Ainslot.VB.FD, WormAinslot_VariantOfZeus.YR, GenericAutorunWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, WormAutorun
HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), SpyTool.Win32.Ardamax.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Email-Worm, SpyTool
HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Trojan-PSW.Win32.Zbot.6.FD, GenericInjector.YR, TrojanPSWZbot.YR, BackdoorCaphaw_QKKBAL.YR, Sinowal.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, Trojan, Backdoor
Susp_Dropper (Kaspersky), LooksLike.Win32.Malware!B (v) (VIPRE), Virus.Win32.Heur!IK (Emsisoft), Virus.Win32.Duel.FD, GenericEmailWorm.YR, GenericIRCBot.YR (Lavasoft MAS)
Behaviour: Worm, Email-Worm, Virus, IRCBot
HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Kryptik.ngw (v) (VIPRE), Worm.Win32.Pushbot!IK (Emsisoft), Worm.Win32.Dorkbot.FD, BankerGeneric.YR, GenericInjector.YR, GenericPhysicalDrive0.YR, WormDorkbot.YR, GenericAutorunWorm.YR, GenericIRCBot.YR, GenericMSNWorm.YR, GenericDNSBlocker.YR, GenericUDPFlooder.YR, GenericSYNFlooder.YR, GenericProxy.YR, GenericUSBInfector.YR (Lavasoft MAS)
Behaviour: Banker, Trojan, Flooder, Worm, WormAutorun, IRCBot, MSNWorm, DNSBlocker, UDPFlooder, SYNFlooder, Trojan-Proxy, USBInfector
Trojan.Win32.Monder.nwpc (Kaspersky), Trojan.Win32.Gbot.aakv (v) (VIPRE), Trojan-Spy.Win32.Ardamax!IK (Emsisoft), SpyTool.Win32.Ardamax.FD, SpyToolArdamax.YR, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Trojan-Spy, Trojan, Worm, Email-Worm, SpyTool
HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Virus.Win32.Heur!IK (Emsisoft), Trojan.Win32.IEDummy.FD, GenericInjector.YR, WormRebhip.YR, GenericAutorunWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Virus, WormAutorun
HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Worm.Win32.Ainslot.VB.FD, WormAinslot_VariantOfZeus.YR, GenericAutorunWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, WormAutorun
HEUR:Trojan.Win32.Generic (Kaspersky), Trojan.Win32.Zbot.fdm (v) (VIPRE), Worm.Win32.Dorkbot!IK (Emsisoft), Backdoor.Win32.Farfli.FD, Worm.Win32.Dorkbot.FD, BankerGeneric.YR, GenericInjector.YR, GenericPhysicalDrive0.YR, WormDorkbot.YR, GenericAutorunWorm.YR, GenericIRCBot.YR, GenericDNSBlocker.YR, GenericUDPFlooder.YR, GenericSYNFlooder.YR, GenericProxy.YR, GenericUSBInfector.YR, GenericMSNWorm.YR (Lavasoft MAS)
Behaviour: Banker, Trojan, Backdoor, Flooder, Worm, WormAutorun, IRCBot, MSNWorm, DNSBlocker, UDPFlooder, SYNFlooder, Trojan-Proxy, USBInfector
