Analysis by: Cris Nowell Pantanilla
 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

  TECHNICAL DETAILS

Tamaño del archivo 323,584 bytes
Tipo de archivo EXE
Residente en memoria Yes
Fecha de recepción de las muestras iniciales 22 May 2015

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan drops the following files:

  • %System32%\WSPDll.dll

Download Routine

This Trojan accesses the following websites to download files:

  • http://www.{BLOCKED}lm.com.ua/forum/files/.../strings.txt
  • http://www.{BLOCKED}lm.com.ua/forum/files/.../strings.txt
  • http://www.{BLOCKED}p.cz/includes/.../strings.txt
  • http://www.{BLOCKED}usalumni.net/templates/css/strings.txt
  • http://dasan.{BLOCKED}g.ac.kr/~appmath/test/bbs/strings.txt
  • http://{BLOCKED}esitetraffic.com/blog/wp-includes/js/strings.txt

It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.