Analysis by: Francis Xavier Antazo

ALIASES:

Win32/FireHooker.A (ESET); Trojan.Win32.FireHooker.a (Kaspersky)

PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan requires its main component to successfully perform its intended routine.

  TECHNICAL DETAILS

File Size: 5120 bytes
File Type: DLL
Memory Resident: Yes
Initial Samples Received Date: 16 Sep 2015

Arrival Details

This malware arrives via the following means:

  • Dropped by the DNSblock installer or by other installers bundled with the DNSblock installer

Other Details

This Trojan requires its main component to successfully perform its intended routine.

It requires the existence of the following files to properly run:

  • xul.dll

NOTES:

It requires xul.dll, a known Mozilla Firefox DLL, which it loads in order to get the following APIs:

  • PORT_Set_Error
  • NSS_CMSSignerInfo_GetSigningCertificate
  • CERT_GetCommonName
  • NSS_CMSSignerInfo_Verify
  • VFY_VerifyDigestDirect