TROJ_RDROPPER.A
Overview

Malware type: Trojan

Aliases: Trojan.Radropper (Symantec), EXP/WinRAR.G.8 (Avira), Troj/BadRar-A (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram shown below.

TROJ_RDROPPER.A Behavior Diagram

Malware Overview

This is the Trend Micro detection for malicious WinRAR archive (RAR) files that take advantage of a vulnerability in WinRAR Archiver. Such a file may arrive bundled with malware packages as a malware component, or it may be downloaded unknowingly by a user visiting malicious Web sites.

When opened in a WinRAR version prior to 3.60, the file exploits a buffer overflow vulnerability to drop and execute a file detected by Trend Micro as BKDR_DARKMOON.AH. As a result, the routines of the dropped backdoor are exhibited on the affected system.


Description created: Nov. 26, 2007 11:14:39 PM GMT -0800
