TROJ_FAKEMS.DXN
Platform: Windows
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan creates the following mutex to ensure that only one of its copies runs at any one time:
- Ace123dx
Other Details
This Trojan connects to the following possibly malicious URL:
- {BLOCKED}.{BLOCKED}.4.40
It requires its main component to successfully perform its intended routine.
It checks for the presence of the following process(es):
- Navapsvc.exe
- ccSvcHst.exe
- KAVsvc.exe
- RAVmonD.exe
- zhudongfangyu.exe
- avp.exe
- Trend
- TmPfw.exe
- NOD32
- ekrn.exe
- avguard.exe
NOTES:
This Trojan is capable of the following:
- Get system information
- Log keystrokes
- Get stored credentials
- Execute files
- Execute commands
- Manipulate files