TROJ_HPISDA.SM

 Analysis by: Pearl Charlaine Espejo

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

NOTES:

This is the Trend Micro detection for malware that uses a custom packer (or a “hacker” packer) to avoid detection.

It initially targets the hacker packer used by LOCKY ransomware but it may also detect malware from other family like:

  • RANSOM_CRYSIS
  • RANSOM_CRYPICH
  • TSPY_URSNIF
  • TSPY_ZBOT
  • BKDR_ANDROM
  • BKDR_PUSHDO

Once the custom packer completes its decryption routine, it will execute the embedded malware. As a result, the behavior of the embedded malware is exhibited on the affected system.