Search
Keyword: troj_cryptesla
Infection Points It may be downloaded from the following remote sites: {BLOCKED}eakme.com Other Details Based on analysis of the codes, it has the following capabilities: Exploits a vulnerability in
It may be dropped by other malware. It may arrive bundled with malware packages as a malware component. It may arrive as a file that exports functions used by other malware. It requires its main
It may be downloaded by other malware/grayware/spyware from remote sites. It arrives as an attachment to email messages spammed by other malware/grayware/spyware or malicious users. Arrival Details
It may be unknowingly downloaded by a user while visiting malicious websites. It may be dropped by other malware. It executes the files it drops, prompting the affected system to exhibit the
Download Routine It takes advantage of the following software vulnerabilities to allow a remote user or malware/grayware/spyware to download files: Vulnerability in the Adobe Acrobat and Reader
This Trojan may be dropped by other malware. It may arrive bundled with malware packages as a malware component. It executes the dropped file(s). As a result, malicious routines of the dropped files
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. This Trojan may be downloaded from remote sites by other malware. It adds registry
This Trojan executes the files it drops, prompting the affected system to exhibit the malicious routines they contain. Dropping Routine This Trojan drops the following files: %System%\esentprf32.dll
This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites.
Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. This Trojan is related to another noteworthy entry BKDR_VBOT.A To
It may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. It modifies registry entries to enable its
It adds registry entries to enable its automatic execution at every system startup. Autostart Technique It adds the following registry entries to enable its automatic execution at every system
This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. However, as of this writing, the said sites are inaccessible. Arrival
This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious websites. Arrival Details This Trojan may be
This Trojan deletes itself after execution. Installation This Trojan drops the following copies of itself into the affected system: %User Temp%\AcroRD32.exe (Note: %User Temp% is the current user's
This Trojan takes advantage of the following vulnerability: RTF Stack Buffer Overflow vulnerability More information about this vulnerability can be found in the following Web page: Microsoft
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It connects to certain websites to send and receive information. It
This Trojan executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system. It deletes itself after execution. Installation This Trojan drops
This Trojan may be unknowingly downloaded by a user while visiting malicious websites. This file contains a URL where it connects to possibly download other files. It deletes itself after execution.