Mal/Behav-130
Posted: January 10, 2012
Threat Metric
The fields shown on the Threat Meter are explained in detail below:
- Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistent, assessed behaviors collected from SpyHunter's risk assessment model.
- Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
- Volume Count: Similar to the detection count, the Volume Count is based specifically on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. Threats with a high detection count could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
- Trend Path: The Trend Path uses an up arrow, down arrow or equal symbol to represent the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
- % Impact (Last 7 Days): This shows the change over a 7-day period in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 1/10 |
|---|---|
| Infected PCs: | 225 |
| First Seen: | January 10, 2012 |
| Last Seen: | February 3, 2023 |
| OS(es) Affected: | Windows |
Mal/Behav-130 is a Trojan that downloads other malicious files, uses the Windows Registry to bypass your computer's security, creates fake Windows components and assists with theft of personal information. Symptoms and behavior from Mal/Behav-130 may vary according to both the version of it that attacks your PC and any configuration data that Mal/Behav-130 receives from remote servers. However, in all cases, Mal/Behav-130 should be considered a high-level threat due to its tendency to directly assault your computer's security settings, thus softening your PC up for theft of your bank or identity-related information. SpywareRemove.com malware researchers recommend that you delete Mal/Behav-130 with suitable anti-malware programs due to the sophisticated nature of Mal/Behav-130, which may also register .dll files and make significant changes to native components of Windows.
Mal/Behav-130 – Bad News for Your Browser (and the Rest of Your PC)
Even though many anti-malware companies have had their eye on Mal/Behav-130 since 2007, even recent updates to Chrome's download security have failed to identify Mal/Behav-130, which is noted for its advanced structure and the significantly-invasive nature of its attacks. Mal/Behav-130 is also referenced by aliases that alternately label Mal/Behav-130 as either a banking Trojan or a Trojan downloader due to Mal/Behav-130's possession of features in both of these categories. Popular Mal/Behav-130 aliases include Trojan-Spy.Win32.Banker.bbh, TrojanDownloader:Win32/Banload.gen!N, Suspicious.MH690, Trojan-Downloader.Win32.Banload, Infostealer.Bancos, Trojan-Downloader.Delf!sd6, PWS-Banker and Trojan-Downloader.Win32.Delf.shs.
SpywareRemove.com malware researchers have noted the following behavior as typical of a Mal/Behav-130 infection:
- Attacks against various types of security settings, especially the EnableLUA settings that issue notifications for unusual changes in your PC.
- Automatic launching behavior that allows Mal/Behav-130 to eat up resources and remain resident in your computer's memory simply by the act of Windows being started.
- The presence of malicious files that are named in the form of fake Windows components (such as 'iexplorer.exe,' a mangled combination of the benign 'explorer.exe' and 'iexplore.exe' files).
- Theft of personal information, especially information that's related to websites for banks and other financial institutions.
However, SpywareRemove.com malware researchers also warn that Mal/Behav-130 may be capable of other attacks and can alter its behavior according to instructions that Mal/Behav-130 downloads from remote servers.
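The checks a defender can derive from the behavior list above, as an added example that is not SpywareRemove.com's code: it flags trusted file names found outside their usual directory, look-alike names such as 'iexplorer.exe', executables sitting in the Startup folder or the %ALLUSERSPROFILE% root, and an EnableLUA value of 0. The expected directories (default install paths), the finding labels and the 0.9 similarity threshold are assumptions of this example.

```python
import ntpath
from difflib import SequenceMatcher

# Usual directories of the genuine binaries (assumed default install paths).
EXPECTED_DIRS = {
    "explorer.exe": {r"%systemroot%"},
    "iexplore.exe": {r"%programfiles%\internet explorer"},
    "msconfig.exe": {r"%systemroot%\system32"},
    "jusched.exe": {r"%commonprogramfiles%\java\java update"},
}
# Locations where any executable deserves review (autostart / drop directories).
WATCHED_DIRS = {
    r"%appdata%\microsoft\windows\start menu\programs\startup": "exe-in-startup-folder",
    r"%allusersprofile%": "exe-in-profile-root",
}

def classify(path):
    """Return sorted findings for one file path written with environment variables."""
    directory, name = ntpath.split(path.lower())
    findings = set()
    if name in EXPECTED_DIRS:
        if directory not in EXPECTED_DIRS[name]:
            findings.add("system-name-in-unexpected-dir")
    else:  # a near match to a trusted name is a masquerading sign
        for known in EXPECTED_DIRS:
            if SequenceMatcher(None, name, known).ratio() >= 0.9:
                findings.add("lookalike-of-" + known)
    if name.endswith(".exe") and directory in WATCHED_DIRS:
        findings.add(WATCHED_DIRS[directory])
    return sorted(findings)

def scan(paths, enable_lua):
    """Map each suspicious path to its findings; enable_lua is the EnableLUA DWORD."""
    report = {p: f for p in paths if (f := classify(p))}
    if enable_lua == 0:  # 0 means User Account Control prompts are switched off
        report["EnableLUA"] = ["uac-disabled"]
    return report

# Constructed inventory: first three paths are those this page lists, rest are made up.
SAMPLE = [
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\MsConfig.exe",
    r"%ALLUSERSPROFILE%\jusched.exe",
    r"%ALLUSERSPROFILE%\36FC4C15.exe",
    r"%SystemRoot%\iexplorer.exe",
    r"%SystemRoot%\explorer.exe",
    r"%SystemRoot%\System32\msconfig.exe",
]
if __name__ == "__main__":
    print(scan(SAMPLE, enable_lua=0))
```

On a live system the EnableLUA value is read from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and 64-bit installs also need the (x86) and SysWOW64 directories added to the expected set.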
Deflecting Mal/Behav-130 from Your Bank Account
Since Mal/Behav-130 targets Brazilian banks in particular, simply avoiding suspicious sites and file sources from Brazil can help you avoid Mal/Behav-130 propagation routes. Many Mal/Behav-130 files are also packed to avoid detection by anti-malware programs, and although Mal/Behav-130 is quite old, numerous reports of Mal/Behav-130 attacks in 2011 indicate that Mal/Behav-130 is still in widespread distribution. Consequently, SpywareRemove.com malware researchers recommend that you exercise great care around unusual files and keep your anti-malware tools updated so that they can identify and remove new variants of Mal/Behav-130.
Mal/Behav-130 targets Windows computers and isn't able to cause significant damage to computers that use Linux, Mac or other OS brands. However, Mal/Behav-130 is able to attack most versions of Windows from Windows 95 up to Windows 7, and despite its subtlety, shouldn't be underestimated in terms of the potential damage of its spyware-based activities.
Technical Details
File System Modifications
The following files were created in the system:

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\MsConfig.exe
- File name: MsConfig.exe
- Size: 634.44 KB (634446 bytes)
- MD5: 81d9cacb268fe200dc26857cdb821f24
- Detection count: 206
- File type: Executable File
- Mime Type: unknown/exe
- Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
- Group: Malware file
- Last Updated: December 22, 2014

%ALLUSERSPROFILE%\jusched.exe
- File name: jusched.exe
- Size: 827.39 KB (827392 bytes)
- MD5: 14544132f739dd9c853845aa5e44a954
- Detection count: 12
- File type: Executable File
- Mime Type: unknown/exe
- Path: %ALLUSERSPROFILE%
- Group: Malware file
- Last Updated: February 18, 2015

%ALLUSERSPROFILE%\36FC4C15.exe
- File name: 36FC4C15.exe
- Size: 827.39 KB (827392 bytes)
- MD5: b0115f9b0e093c1b144bd90d1de79c6d
- Detection count: 5
- File type: Executable File
- Mime Type: unknown/exe
- Path: %ALLUSERSPROFILE%
- Group: Malware file
- Last Updated: October 8, 2012