Analysis by: John Donnie Celestre

 PLATFORM:

Windows


  • Threat Type: Trojan

  • Destructiveness: No

  • In the wild: Yes

  OVERVIEW

This is the Trend Micro generic detection for files exhibiting suspicious behavior that may cause harm to systems. Trojans are a general malware classification for malicious files, applications, or programs commonly downloaded from the Internet.

Historically, people have used Trojans to either further their research or gain notoriety. Now, cybercriminals use Trojans to gain profit by stealing user data like banking credentials and personally identifiable information (PII). They can sell this information in the cybercriminal underground or use it to launch other attacks such as phishing.

Some Trojans, coupled with social engineering techniques, are also capable of tricking users to do other activities. FAKEAV, for example, is a notorious malware family that displays phony alerts and scanning results to scare users into buying fake antivirus software.

Trojans like ransomware can lock up files and systems, supposedly holding them captive. Users are not able to access their systems or files unless they pay ransom.

To further compromise a system’s security, these Trojans also download or drop other malware, and access URLs to send and receive commands from a remote attacker. Remote attackers can control systems and make them perform malicious actions without user knowledge. Such actions include sending spam with malicious links or attachments, or launching denial-of-service (DoS) attacks against entities or organizations.

If your Trend Micro product detects a file under this detection name, do not execute it. Delete it immediately, especially if it comes from an untrustworthy or an unknown source (e.g., a website of doubtful nature). However, if you have reason to believe that the detected file is non-malicious, you may submit it to us. Sample files for submission must be in .ZIP format and should be password-protected. To submit a .ZIP file, you must use file compression software like Winzip. A trial version is available here.

To compress a file, please follow the steps below:

  1. Right-click on the file and select Add to Zip.

  2. Create a file name for the .ZIP file.

  3. On the Options menu, choose Encrypt. In the input box, type “virus”. This will serve as the password for the .ZIP file.

  4. Send the sample through the following channels:

  • For Trend Micro Premium customers, please submit a virus support case by clicking here:

    https://success.trendmicro.com/

  • For Trend Micro non-Premium customers, please contact your local support network by visiting your Trend Micro regional website.

  • For non-Trend Micro customers, scan your system with HouseCall, our widely used and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plug-ins, and other malware.

  SOLUTION

Minimum Scan Engine: 9.850
First VSAPI Pattern File: 14.727.00
First VSAPI Pattern Date: 02 Jan 2019

Trend customers:

    Keep your pattern and scan engine files updated. Trend Micro antivirus software can clean or remove most types of computer threats. Malware, though, such as Trojans, scripts, overwriting viruses and joke programs which are identified as uncleanable, should simply be deleted.

All Internet users:

    1. Use HouseCall - the Trend Micro online threat scanner to check for malware that may already be on your PC.
    2. Catch malware/grayware before they affect your PC or network. Secure your Web world with Trend Micro products that offer the best anti-threat and content security solutions for home users, corporate users, and ISPs. Go here for more information on Trend Micro products that fit your needs.
