Bird_banner_small4
Trojan-Downloader.VBA.Powdowgoz.A
TSL ID TSL20180308-02
Severity Moderate
Description

Trojan-Downloader.VBA.Powdowgoz.A is a Trickler that targets the Windows platform. It is reported that the malware has been used in targeted attacks. The malware arrives to a victim's system as a Microsoft document file, which uses Visual Basic for Applications to download and execute HTA files on the infected system.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 5E0026A0941F4E7F0D6AD2449C4135FD
SHA1:
  • BBA0F803CD72554F41E72F14F8490B628D62A579
Identifiers
McAfee
  • W97M/DOWNLOADER.CLH
Microsoft Malware Protection Center
Sophos
  • TROJ/DOCDL-MFK
TrendMicro
AegisLab
  • TROJ.SCRIPT.AGENT!C
AhnLab
  • W97M/FAKEALERT.S4
Arcabit
  • HEUR.VBA.TROJAN.E
Baidu
  • VBA.TROJAN-DOWNLOADER.AGENT.CKO
BitDefender
  • TROJAN.GENERICKD.6408285
ClamAV
  • DOC.DROPPER.AGENT-6428588-0
ESET
  • VBA/TROJANDOWNLOADER.AGENT.GHP
Fortinet
  • VBA/AGENT.E650!TR
NANO-Antivirus
  • TROJAN.SCRIPT.EXPKIT.EXQAJB
Rising
  • DOWNLOADER.AGENT!8.B23
Tencent
  • WIN32.TROJAN-DOWNLOADER.AGENT.SWAY
ViRobot
  • DOC.Z.AGENT.55022.A
References https://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html#more
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:O97M/Powdow.G&ThreatID=-2147242314
Related Threats