ESILE


 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This malware drops the following files:

  • %User Temp%\calendar.xls

  • %User Temp%\iexplore.bat

The dropped .BAT file is then executed by the malware. Therefore the malicious routines of the dropped file are exhibited on the affected system.

The .XLS file is then opened by the malware to trick the user into thinking that opening the xls file was the only behavior exhibited on the system.

This Trojan bears the file icons of certain applications to avoid easy detection and consequent removal.

It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.

  TECHNICAL DETAILS

Memory Resident:

Yes

Installation

This Trojan drops the following files:

  • %User Temp%\calendar.xls
  • %User Temp%\iexplore.bat

(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.)

It bears the file icons of the following applications:

  • Microsoft Excel

Dropping Routine

This Trojan executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.

NOTES:

It drops a legitimate .XLS file and executes it. Thus, the malware tricks the user into thinking it is only opening an .XLS file.