Trojan.Win32.SHELLCODE.AM

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Führt bestimmte Befehle aus, die sie extern von einem böswilligen Benutzer erhält. Dadurch sind der betroffene Computer und auf ihm gespeicherte Daten stärker gefährdet.

Übertragungsdetails

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Backdoor-Routine

Führt die folgenden Befehle eines externen, böswilligen Benutzers aus:

• May execute files with the following extension when received:
  • .exe
  • .vbs
  • .ps1
    • format: "powershell -WindowsStyle Hidden -ep bypass -file "
  • .bat
  • .cmd
• The next routine is arbitrary and depends on the executed file behavior. However, as of this writing, no additional file was received from the C&C.