SWF_EXPLOYT.LDCD

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user accesses the said website. However, as of this writing, the said sites are inaccessible.

It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be hosted on a website and run when a user accesses the said website.

It may be downloaded from the following remote sites:

• http://{BLOCKED}44b4.{BLOCKED}inghoerblast.com:80/4Ua6Ro1OOcPg5K1gTveDUp6e-sg3lGTvKYewIeLYXoQdTflVWsyyrAhF2ZeKI9uL
• http://{BLOCKED}olasoftaga.{BLOCKED}psdaily.com:80/moy0OK8oOky7qztSSDVdatQeohIdh91ElWoBTgkZjckCub-sYr5pwydV3H4xKVfs
• http://{BLOCKED}2r9622.{BLOCKED}erblast.com:80/5zOx-VmFMcGyGeXsAE2nqhoOJxGy_2ph2R52vhE4rELr-EjGarvmZBTiaLFz3aPm
• http://{BLOCKED}93tt1.{BLOCKED}randnever.co:80/tvoto0w8Oa8Q8mnI81AsYwMzWOyH9YRq_WPq_ycL1V4NyzsZ-urgzNZRStdPo-25
• http://{BLOCKED}e0r9.{BLOCKED}andnever.org:80/fR1e-uUK9P7AC4VEtNMSDqSwhKlN7trFQqomOrzu1m_8WnvpsGuPcNQNvNUZJ0ra
• http://{BLOCKED}i3jq5.{BLOCKED}host.net:80/JwTZX7PQxRXW63Zi8ASAfQDA01N9H-ITX22onnPhStgV2IhhYBcoi-Uoq9kSX9i7
• http://{BLOCKED}qri3jq5.vbehost.net:80/mzBPtAEDXYJxWSiiUA6C9g_n5znYgFQjyWb_8kJNiSThw9axUUH3hWYgDl817klI

However, as of this writing, the said sites are inaccessible.

Download Routine

This Trojan takes advantage of the following software vulnerabilities to download possibly malicious files:

• CVE-2014-8439

It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components.