PUA_YOUXUN.GA

 Analysis by: Janus Agcaoili

 ALIASES:

PUA.RiskWare.Youxun (Ikarus)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Potentially Unwanted Application

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

4,081,256 bytes

File Type:

EXE

Memory Resident:

No

Initial Samples Received Date:

12 May 2017

Arrival Details

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be manually installed by a user.

Other Details

This Potentially Unwanted Application connects to the following possibly malicious URLs:

  • http://ggstats.box.{BLOCKED}net.com/pinforesults.do?sc=zWHb1A3Yve4cliYfA13cza3Znh4cj63ewSHf62UcwKoanhUQ16XewOnKiiUM3lUM3RUM6JUMkCUMxBUQkGXcnZUQlm3d
  • http://tongji2.box.{BLOCKED}net.com/count.do?sc=%3DF0NzZEO1VUP1FUQm2Xb1aDa1Z0ZyhEa0hENkS3OlOXNji0Z3Vka4FnanSkOiSENl2UalA3Zn1USIAFeaS2U1mGSPS4br2FeOeVU1GFSO2kc0aTOvJkMx5TPA53cqOodmaoKzWHb1A3Yve4cliYfA13czanKtyXZ1Oocq2UaxmIe

It does the following:

  • Displays a window that prompts the user to install the software.