Analysis by: John Rainier Navato

ALIASES:

Trojan-Downloader.Win32.Unruy (IKARUS)

PLATFORM:

Windows

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This is the Trend Micro generic detection for files exhibiting suspicious behavior that may cause harm to systems. Because it is a generic, behavior-based detection rather than a signature for one known sample, the capabilities described below are those of the Trojan class as a whole and will not all apply to every file detected under this name. Trojans are a general malware classification for malicious files, applications, or programs that pose as something legitimate and are commonly downloaded from the Internet; unlike viruses and worms, they do not replicate on their own.

Historically, Trojans were written to further research or to gain notoriety. Today, cybercriminals use them for profit: they steal user data such as banking credentials and personally identifiable information (PII), which they can sell in the cybercriminal underground or reuse in further attacks such as phishing.

Some Trojans, coupled with social engineering, also trick users into taking harmful actions themselves. FAKEAV, for example, is a notorious malware family that displays phony alerts and scan results to scare users into buying fake antivirus software.

Ransomware Trojans lock up files or entire systems and hold them hostage: users cannot access their systems or files unless they pay the ransom.

To compromise a system further, such Trojans also download or drop other malware and contact command-and-control URLs to receive instructions from, and report back to, a remote attacker. The attacker can then make the system perform malicious actions without the user's knowledge, such as sending spam with malicious links or attachments, or taking part in denial-of-service (DoS) attacks against organizations.

If your Trend Micro product detects a file under this detection name, do not execute it. Delete it immediately, especially if it comes from an untrustworthy or unknown source (e.g., a website of doubtful nature). Because this is a generic detection, a false positive is possible: if you have reason to believe that the detected file is non-malicious, you may submit it to us. Sample files for submission must be in .ZIP format and password-protected, so that mail gateways and antivirus scanners between you and the analyst neither quarantine the sample nor execute it in transit. To create the .ZIP file, use file compression software such as WinZip.

To compress a file, please follow the steps below:

  1. Right-click on the file and select Add to Zip.

  2. Create a file name for the .ZIP file.

  3. On the Options menu, choose Encrypt. In the input box, type “virus”. This is the password for the .ZIP file; the same well-known password is used for every submission so that the analysts can open it.

  4. Send the sample through the following channels:

  • For Trend Micro Premium customers, please submit a virus support case at:

    https://success.trendmicro.com/

  • For Trend Micro non-Premium customers, please contact your local support network by visiting your Trend Micro regional website.

  • For non-Trend Micro customers, scan your system with HouseCall, our widely used and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plug-ins, and other malware.
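Steps 1 to 3 above, as an added, runnable example that is not Trend Micro's or WinZip's code: it produces the same traditional PKWARE "ZipCrypto" encryption that Info-ZIP's `zip -P` and WinZip's Zip 2.0-compatible Encrypt option write, builds the single-entry archive in pure Python (no external zip tool needed), records the SHA-256 of the original file for the support case, and then uses the standard library's `zipfile` to prove that the entry is flagged encrypted, round-trips with the password "virus", and is refused with any other password. `SUBMISSION_PASSWORD`, `SAMPLE_NAME` and `SAMPLE_CONTENT` are constructed placeholders for the detected file.

```python
# Added example (not code from Trend Micro or WinZip): package a suspect file as a
# ZipCrypto-encrypted ZIP with the submission password, then verify it offline.
# SAMPLE_NAME / SAMPLE_CONTENT are constructed stand-ins for the detected file.
import hashlib
import io
import os
import struct
import zipfile
import zlib

SUBMISSION_PASSWORD = b"virus"          # the password the submission instructions require
SAMPLE_NAME = "suspect.bin"             # constructed placeholder file name
SAMPLE_CONTENT = b"MZ" + b"\x00" * 62 + b"constructed harmless placeholder, not malware\n"

# Standard CRC-32 table (polynomial 0xEDB88320); ZipCrypto's key schedule uses it.
_CRC_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRC_TABLE.append(_c)


class ZipCryptoEncryptor:
    """Traditional PKWARE stream cipher (APPNOTE 6.1); the mirror of zipfile's decrypter."""

    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:                 # the password only seeds the three keys
            self._update(b)

    @staticmethod
    def _crc_step(crc: int, ch: int) -> int:
        return (crc >> 8) ^ _CRC_TABLE[(crc ^ ch) & 0xFF]

    def _update(self, ch: int) -> None:
        self.k0 = self._crc_step(self.k0, ch)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = self._crc_step(self.k2, self.k1 >> 24)

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            t = (self.k2 & 0xFFFF) | 2
            out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update(p)                # keys advance on the plaintext byte
        return bytes(out)


def build_encrypted_zip(name: str, plaintext: bytes, password: bytes) -> bytes:
    """Return a one-entry ZIP (method STORED, ZipCrypto-encrypted) as bytes."""
    crc = zlib.crc32(plaintext) & 0xFFFFFFFF
    enc = ZipCryptoEncryptor(password)
    # 12-byte encryption header: 11 random bytes plus the CRC high byte, which a
    # reader checks to reject a wrong password before touching the payload.
    header = os.urandom(11) + bytes([crc >> 24])
    body = enc.encrypt(header + plaintext)           # compressed size includes the header
    fname = name.encode("ascii")
    flags, method = 0x0001, zipfile.ZIP_STORED       # general-purpose bit 0 = encrypted
    dostime, dosdate = 0, ((2024 - 1980) << 9) | (1 << 5) | 1   # fixed 2024-01-01 stamp
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, dostime, dosdate,
                        crc, len(body), len(plaintext), len(fname), 0) + fname
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method,
                          dostime, dosdate, crc, len(body), len(plaintext),
                          len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central),
                       len(local) + len(body), 0)
    return local + body + central + eocd


def package_sample(name: str, content: bytes, password: bytes = SUBMISSION_PASSWORD) -> dict:
    """Hash the original, wrap it in an encrypted ZIP, and verify the round trip."""
    archive = build_encrypted_zip(name, content, password)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        info = zf.getinfo(name)
        encrypted = bool(info.flag_bits & 0x1)
        restored = zf.read(name, pwd=password)       # raises on bad password or bad CRC
    return {
        "archive": archive,
        "sha256": hashlib.sha256(content).hexdigest(),   # quote this hash in the support case
        "encrypted_flag_set": encrypted,
        "roundtrip_ok": restored == content,
    }


def wrong_password_rejected(archive: bytes, name: str, password: bytes) -> bool:
    """True if the standard library refuses to extract the entry with this password."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        try:
            zf.read(name, pwd=password)
        except (RuntimeError, zipfile.BadZipFile):   # bad check byte, or CRC mismatch
            return True
    return False


if __name__ == "__main__":
    result = package_sample(SAMPLE_NAME, SAMPLE_CONTENT)
    with open("sample.zip", "wb") as fh:            # the file to attach to the case
        fh.write(result["archive"])
    print(f"sha256={result['sha256']} encrypted={result['encrypted_flag_set']} "
          f"roundtrip={result['roundtrip_ok']}")
```

For a real submission, read the detected file from disk into `SAMPLE_CONTENT` and keep its original name; do not rename or modify it. Note that ZipCrypto is not a confidentiality mechanism (it has known practical known-plaintext attacks, and the password here is public anyway): its only job in this procedure is to keep mail gateways and endpoint scanners from stripping, quarantining, or executing the sample on its way to the analyst.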