TROJ_MDROPPER.EQ
Overview

Malware type: Trojan

Aliases: Trojan-Dropper.MSWord.1Table.cq (Kaspersky), Exploit-MSWord.d (McAfee), Trojan.Mdropper.W (Symantec), TR/Crypt.FKM.Gen (Avira), Troj/MalDoc-B (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Infection Channel 1: Spammed via email


Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_MDROPPER.EQ Behavior Diagram

Malware Overview

This Trojan may arrive as an attachment to email messages or as a file dropped or downloaded by other malware.

When executed, it exploits a vulnerability in Microsoft Word to run shellcode which, in turn, executes an embedded .EXE file on the affected system. For more information regarding this vulnerability, refer to the following Microsoft Web page:

It attempts to drop this file as AHAH.EXE in the Windows temporary folder. Trend Micro detects the dropped file as BKDR_AGENT.TNZ. The routines of this backdoor are also exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 26, 2007 12:01:17 PM GMT -0800
