Analysis by: Adrianne Chester Camat

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It connects to a website to send and receive information.

It retrieves specific information from the affected system.

  TECHNICAL DETAILS

File size: 387,072 bytes
File type: EXE
Memory resident: Yes
Initial samples received date: 20 Mar 2013

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan injects itself into the following processes as part of its memory residency routine:

  • iexplore.exe

Backdoor Routine

This Trojan connects to the following websites to send and receive information:

  • {BLOCKED}.254.142

Information Theft

This Trojan retrieves the following information from the affected system:

  • username
  • password