TROJ_ZURGOP.APGJ
March 23, 2017
PLATFORM: Windows
OVERALL RISK RATING:
REPORTED INFECTION:
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It terminates itself if it detects it is being run in a virtual environment.
TECHNICAL DETAILS
File Size: 256,000 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 21 Mar 2017
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan adds the following processes:
- explorer.exe
It injects code into the following process(es):
- explorer.exe
Other Details
This Trojan connects to the following URL(s) to check for an Internet connection:
- www.bing.com
It terminates itself if it detects it is being run in a virtual environment.
It does the following:
- It checks for a virtual environment by checking for the presence of the following strings:
  - dbghelp.dll
  - sbiedll.dll
  - qemu
  - virtual
  - vmware
  - xen
  - ffffcce24