TrojanDownloader:Win32/Caxnet.B is a trojan downloader that retrieves and installs a variant of Win32/Koutodoor from a remote website.
This trojan downloader is installed and run by other malware such as TrojanDownloader:Win32/Esplor.A. When TrojanDownloader:Win32/Caxnet.B executes, it runs its download payload, then exits and deletes itself.
This trojan downloader attempts to download Backdoor:Win32/Koutodoor.B from a remote website "baiducom.net.cn". The requested file is hosted as "image.jpg" and is saved locally as a randomly named executable such as "yacgpbo.exe" in the Windows system folder. The downloaded file is executed with the parameter "205471". TrojanDownloader:Win32/Caxnet.B then deletes itself and the downloaded executable.
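Because the downloader deletes itself and the downloaded executable, traces are more likely to survive in proxy and process-creation logs than on disk. The following is an added example, not part of the original analysis: a small log triage that matches the indicators named above. The event layout, host names, sample URLs, the System32 path and the 5-10 letter file-name pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the description above.
DOWNLOAD_DOMAIN = "baiducom.net.cn"
HOSTED_NAME = "image.jpg"
EXEC_PARAM = "205471"
# Assumption: the system folder is System32 and the random name is 5-10
# letters, modelled on the "yacgpbo.exe" example.
SYSDIR_EXE = re.compile(r"^[a-z]:\\windows\\system32\\[a-z]{5,10}\.exe$", re.I)

def proxy_hits(url):
    """Indicator labels matched by one proxy-log URL."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host != DOWNLOAD_DOMAIN and not host.endswith("." + DOWNLOAD_DOMAIN):
        return set()  # look-alike hosts such as "notbaiducom.net.cn" do not match
    name = parts.path.lower().rsplit("/", 1)[-1]
    return {"download-domain", "hosted-name"} if name == HOSTED_NAME else {"download-domain"}

def process_hits(cmdline):
    """Indicator labels matched by one process-creation command line."""
    tokens = cmdline.split()
    # Require exactly: <random exe in system folder> <the single parameter>.
    if (len(tokens) == 2 and tokens[1] == EXEC_PARAM
            and SYSDIR_EXE.match(tokens[0].strip('"'))):
        return {"sysdir-exe-with-param"}
    return set()

def triage(events):
    """Map each host to the sorted indicator labels seen in its events."""
    found = {}
    for ev in events:
        hits = proxy_hits(ev["url"]) if ev["type"] == "proxy" else process_hits(ev["cmdline"])
        if hits:
            found.setdefault(ev["host"], set()).update(hits)
    return {host: sorted(labels) for host, labels in found.items()}

# Constructed sample events (not real telemetry); hosts and URLs are made up.
EVENTS = [
    {"host": "WS-01", "type": "proxy", "url": "http://baiducom.net.cn/image.jpg"},
    {"host": "WS-01", "type": "process", "cmdline": r"C:\WINDOWS\system32\yacgpbo.exe 205471"},
    {"host": "WS-02", "type": "proxy", "url": "http://www.baidu.com/image.jpg"},
    {"host": "WS-02", "type": "process", "cmdline": r"C:\WINDOWS\system32\svchost.exe -k netsvcs"},
]
if __name__ == "__main__":
    print(triage(EVENTS))
```

A host that shows both the download request and the parameterised execution is a much stronger lead than either indicator alone, since the file-name pattern by itself also matches legitimate system binaries.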
Analysis by Shali Hsieh
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).