
Trojan:Win32/Projostig


First posted on 16 June 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Projostig is also known as Win-Trojan/Xema.variant (AhnLab), Trojan.VB.JNXK (VirusBuster), Downloader.VB.7.Y (AVG), Worm/VBNA.B.37 (Avira), Win32/VB.PAZ (ESET), Worm.Win32.VBNA (Ikarus), Trojan.Win32.Generic!BT (Sunbelt Software).

Explanation :

Trojan:Win32/Projostig is a detection for obfuscated malware. The loader, which is detected as Trojan:Win32/Projostig, is written in Visual Basic and the malicious code, which may have virtually any purpose, is encrypted.

When run, the code is decrypted and injected into the current process so the resulting code is never written to disk, in an attempt to avoid being detected by security software. It contains code and techniques to make its analysis more difficult.

The following actions have been observed in various files detected as Trojan:Win32/Projostig:

- Drops files
- Injects code into multiple processes
- Downloads and executes other potentially malicious files
- Connects to various Web sites

Analysis by Francis Allan Tan Seng

Last update 16 June 2010

 
