TROJ_INJECT.OO
March 27, 2014
ALIASES:
Win32/Spy.Tuscas.A (ESET), Troj/Agent-AGFA (Sophos), Trojan Horse (Symantec)
PLATFORM:
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
File Size:
228,864 bytes
File Type:
DLL
Initial Samples Received Date:
19 Mar 2014
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan injects codes into the following process(es):
- explorer.exe
- iexplore.exe
- chrome.exe
- firefox.exe
Other Details
This Trojan connects to the following possibly malicious URL:
- http://{BLOCKED}.{BLOCKED}.192.195/tasks?version={version}&group={group}&client={client hash}&computer={computer name}&os={os version}&latency={connection latency}&crc={generated hash}