TROJ_ARTIEF.UK
Platform: Windows
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Trojan arrives as an attachment to mass-mailed email messages.
It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
TECHNICAL DETAILS
File Size: 619,765 bytes
File Type: RTF
Memory Resident: No
Initial Samples Received Date: 12 Feb 2015
Arrival Details
This Trojan arrives as an attachment to mass-mailed email messages.
Dropping Routine
This Trojan drops the following files:
- %User Profile%\Local Settings\svchost.exe - detected as BKDR_BLADABIN.UK
(Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.)
It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
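The drop location above is a usable hunting signal, because a genuine svchost.exe image runs from the Windows system directory and not from a user profile. The following is an added example, not part of the original entry: it classifies process image paths taken from constructed sample events. The event field names, the default `C:\Windows` system root and the function names are assumptions.

```python
import ntpath  # Windows path semantics, usable on any analysis host

LEGIT_SUBDIRS = ("system32", "syswow64")            # homes of the real svchost.exe
PROFILE_ROOTS = ("documents and settings", "users")  # per the %User Profile% note

def classify_svchost(image_path, system_root=r"C:\Windows"):
    """Return 'not_svchost', 'legitimate', 'dropper_path' or 'suspicious'."""
    # normpath collapses '..' tricks; normcase lowercases and unifies slashes.
    path = ntpath.normcase(ntpath.normpath(image_path))
    directory, name = ntpath.split(path)
    if name != "svchost.exe":
        return "not_svchost"
    root = ntpath.normcase(ntpath.normpath(system_root))
    if directory in {ntpath.join(root, d) for d in LEGIT_SUBDIRS}:
        return "legitimate"
    # Location reported in this entry: %User Profile%\Local Settings\svchost.exe
    profile = ntpath.dirname(directory)                     # ...\{user name}
    profiles_root = ntpath.basename(ntpath.dirname(profile))
    if ntpath.basename(directory) == "local settings" and profiles_root in PROFILE_ROOTS:
        return "dropper_path"
    return "suspicious"  # svchost.exe anywhere else still deserves review

def flag_events(events):
    """Return (pid, image, verdict) for every svchost.exe outside its real home."""
    hits = []
    for ev in events:
        verdict = classify_svchost(ev["Image"])
        if verdict in ("dropper_path", "suspicious"):
            hits.append((ev["ProcessId"], ev["Image"], verdict))
    return hits

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"ProcessId": 812, "Image": r"C:\Windows\System32\svchost.exe"},
    {"ProcessId": 2404, "Image": r"C:\Documents and Settings\alice\Local Settings\svchost.exe"},
    {"ProcessId": 3120, "Image": r"C:\Users\bob\Local Settings\SVCHOST.EXE"},
    {"ProcessId": 3388, "Image": r"C:\Windows\System32\..\Temp\svchost.exe"},
    {"ProcessId": 4012, "Image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for pid, image, verdict in flag_events(SAMPLE_EVENTS):
        print(f"{verdict:13} pid={pid} {image}")
```

The check is by file name and location only, so a match is a lead for triage rather than confirmation of BKDR_BLADABIN.UK.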
NOTES:
After performing its malicious routines, this Trojan replaces the original malicious .RTF file with a normal document file and opens it.