TrojanDownloader:Win32/Bredolab

Detected by Microsoft Defender Antivirus

Aliases: Trj/Sinowal.WPD (Panda) Backdoor.Win32.Bredolab.oi (Kaspersky) Backdoor.Bredolab.QB (VirusBuster) Win32/Kryptik.AKO (ESET) Trojan.Bredolab (Symantec) BKDR_BREDOLAB.CL (Trend Micro)

TrojanDownloader:Win32/Bredolab is a detection for malware that connects to a remote server to download and execute other files.

Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Threat behavior

TrojanDownloader:Win32/Bredolab is a detection for malware that connects to a remote server to download and execute other files.

It is installed to the Startup folder using a variable file name. It injects itself in the 'svchost.exe' and 'explorer.exe' processes.

Some of the files detected as TrojanDownloader:Win32/Bredolab use the following names:

asgupd32.exe
dfqupd32.exe
dmaupd32.exe
fmnupd32.exe
ihaupd32.exe
imiupd32.exe
legupd32.exe
ppqupd32.exe
rqjupd32.exe
ikowin32.exe
wbhwin32.exe
hcgwin32.exe
fqosys32.exe
lecsys32.exe
necsys32.exe
rncsys32.exe
ysfsys32.exe
zqosys32.exe

The following list details just a small selection of the malware known to be downloaded by variants of TrojanDownloader:Win32/Bredolab:

Win32/Ambler
Win32/Boaxxe
Win32/Busky
Win32/Cbeplay
Win32/Cutwail
Win32/Daurso
Win32/FakeRean
Win32/FakeSpypro
Win32/Haxdoor
Win32/Hiloti
Win32/Insnot
Win32/Koobface
Win32/Momibot
Win32/Oderoor
Win32/Oficla
Win32/Otlard
Win32/Rlsloup
Win32/Rustock
Win32/Sinowal
Win32/Tedroo
Win32/Ursnif
Win32/Vundo
Win32/Waledac
Win32/Wantvi
Win32/Winwebsec
Win32/Wopla
Win32/Zbot

Analysis by Francis Allan Tan Seng

Prevention

Take these steps to help prevent infection on your computer.

System changes

The following system changes may indicate the presence of this malware:

The presence of any of the following files:
asgupd32.exe
dfqupd32.exe
dmaupd32.exe
fmnupd32.exe
ihaupd32.exe
imiupd32.exe
legupd32.exe
ppqupd32.exe
rqjupd32.exe
ikowin32.exe
wbhwin32.exe
hcgwin32.exe
fqosys32.exe
lecsys32.exe
necsys32.exe
rncsys32.exe
ysfsys32.exe
zqosys32.exe

Send us feedback

Tell us about your experience

Thank you for your feedback

TrojanDownloader:Win32/Bredolab

Summary

What to do now

Technical information

Threat behavior

Prevention

Symptoms

System changes