Analysis by: John Kevin Sanchez

PLATFORM: Windows


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size: 6,144 bytes
File Type: EXE
Initial Samples Received Date: 01 May 2017

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan adds the following processes:

  • iexplore.exe

Other Details

This Trojan connects to the following possibly malicious URLs:
