Bird_banner_small4
Trojan-Downloader.Win32.GopherBomba.A
TSL ID TSL20171107-05
Severity Moderate
Description

Trojan-Downloader.Win32.GopherBomba.A is a Trickler, written in golang, that targets the Windows platform. This malware gathers system information and base64 encodes the HTTP POST key/value pairs separately. The return value of the HTTP server is checked for the appropriate MZ header (i.e. the response is a DLL or executable). The server response is then written to the disk and executed.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 524F3FE5152CD337CF8839A1ED77CB81
SHA1:
  • 0F71EE8EAFA02464F6292EB0946EE90704923778
Related Threats