Analysis by: Cris Nowell Pantanilla
 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW

This Trojan arrives as attachment to mass-mailed email messages.

It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.

  TECHNICAL DETAILS

Tamaño del archivo 619,765 bytes
Tipo de archivo RTF
Residente en memoria No
Fecha de recepción de las muestras iniciales 12 Feb 2015

Arrival Details

This Trojan arrives as attachment to mass-mailed email messages.

Dropping Routine

This Trojan drops the following files:

  • %User Profile%\Local Settings\svchost.exe - detected as BKDR_BLADABIN.UK

(Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.)

It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.

NOTES:

After performing its malicious routines, this Trojan replaces the original malicious .RTF file with a normal document file and opens it.