Class: Trojan-Downloader
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up. Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page). This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Trojan-Downloader.Win32.IstBar
No family descriptionExamples
D18B8990F19F159A9C3B766316FE12A3EE5BB15F079CE34E00AE479AFC766F17
3184E5325B730BABC74B39A21A5B84BE
E8851606030F3F1A5B6F8483BBF3F93F
D255269DC0CEB77C19857115F01E0EA0
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
T1218.010
Regsvr32
Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.