JAVA_DLOADR.YYSQR
HEUR:Exploit.Java.Generic (KASPERSKY); Java.Trojan.GenericGB.706 (BITDEFENDER)
Windows
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It accesses websites to download files, which allows it to introduce other malware onto the affected computer. It then executes the downloaded files, so their malicious routines are exhibited on the affected system.
However, as of this writing, the said sites are inaccessible.
TECHNICAL DETAILS
4,517 bytes
JAR
21 May 2018
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Download Routine
This Trojan accesses websites to download the following files:
- http://www.{BLOCKED}f.org.tw/Legacy_Train/UpFile/ResearchFile/cats.css
It saves the files it downloads using the following names:
- %TEMP%\Install_flashplayer_mssd_ash.exe
It executes the downloaded files:
- %TEMP%\Install_flashplayer_mssd_ash.exe
Other Details
As of this writing, the said sites are inaccessible.