Search
Keyword: troj_cryptesla
This Trojan is found to have an increased potential for damage, propagation, or both. Specifically, it has the ability to filter and block an infected system's connection to the cloud. To get a
This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It executes the files it drops, prompting the affected system to exhibit the malicious routines they contain.
It takes advantage of certain vulnerabilities. Dropping Routine This Trojan drops the following files: %User Temp%\winword.exe - detected as TROJ_DINGU.B (Note: %User Temp% is the current user's Temp
This Trojan deletes itself after execution. Installation This Trojan drops the following copies of itself into the affected system: %System%\{random filename}.exe (Note: %System% is the Windows
This Trojan may be dropped by other malware. It modifies registry entries to enable its automatic execution at every system startup. Arrival Details This Trojan may be dropped by the following
This Trojan executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system. This Trojan takes advantage of software vulnerabilities to allow a
Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. It also uses social engineering methods to lure users into
This Trojan executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system. This Trojan takes advantage of software vulnerabilities to allow a
Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. Specifically, it exploits a 0-day vulnerability in Adobe Flash
It enumerates running services and randomly chooses a service name to use as its file name. This Trojan may be dropped by other malware. It adds registry entries to enable its automatic execution at
This Trojan arrives as an attachment to email messages spammed by other malware/grayware/spyware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This Trojan may be dropped by other malware. It adds registry entries to enable its automatic execution at every system startup. It disables antivirus services. This is done to allow this malware to
It monitors specific URLs. If users access these monitored sites, they are redirected by this malware to specific malicious sites. This Trojan may be dropped by other malware. Arrival Details This
This Trojan is noteworthy as it arrives as an attachment to a spam message professing to be from Bobijou Inc., an online jewelry shop. This message directs recipients to the attachment by indicating
This Trojan executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. Arrival Details This Trojan may be downloaded from the
This Trojan has two embedded .SWF files in its body that it uses to exploit CVE-2011-0611. The two .SWF files are detected as SWF_EXPLOIT.WS. If exploit is successful, it drops files. This Trojan
It may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. Arrival Details It may be dropped by other malware. It may be unknowingly downloaded
It may be unknowingly downloaded by a user while visiting malicious websites. It arrives as attachment to mass-mailed email messages. It executes the dropped file(s). As a result, malicious routines
It may be downloaded by other malware/grayware/spyware from remote sites. It may be dropped by other malware. It arrives on a system as a file dropped by other malware or as a file downloaded
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. This Trojan arrives as attachment to mass-mailed email messages. It may be downloaded