TROJ_HPISDA.SM
February 23, 2017
PLATFORM: Windows
Threat Type: Trojan
Destructiveness: No
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
NOTES:
This is the Trend Micro detection for malware that uses a custom packer (or a “hacker” packer) to avoid detection.
It initially targets the hacker packer used by LOCKY ransomware, but it may also detect malware from other families, such as:
- RANSOM_CRYSIS
- RANSOM_CRYPICH
- TSPY_URSNIF
- TSPY_ZBOT
- BKDR_ANDROM
- BKDR_PUSHDO
Once the custom packer completes its decryption routine, it will execute the embedded malware. As a result, the behavior of the embedded malware is exhibited on the affected system.