Home / malware Trojan:Win32/Projostig
First posted on 16 June 2010.
Source: SecurityHomeAliases :
Trojan:Win32/Projostig is also known as Win-Trojan/Xema.variant (AhnLab), Trojan.VB.JNXK (VirusBuster), Downloader.VB.7.Y (AVG), Worm/VBNA.B.37 (Avira), Win32/VB.PAZ (ESET), Worm.Win32.VBNA (Ikarus), Trojan.Win32.Generic!BT (Sunbelt Software).
Explanation :
Trojan:Win32/Projostig is a detection for obfuscated malware. The loader, which is detected as Trojan:Win32/Projostig, is written in Visual Basic and the malicious code, which may have virtually any purpose, is encrypted.
Top
Trojan:Win32/Projostig is a detection for obfuscated malware. The loader, which is detected as Trojan:Win32/Projostig, is written in Visual Basic and the malicious code, which may have virtually any purpose, is encrypted. When run, the code is decrypted and injected into the current process so the resulting code is never written to disk, in an attempt to avoid being detected by security software. It contains code and techniques to make its analysis more difficult. The following actions have been observed in various files detected as Trojan:Win32/Projostig: Drops files Injects code into multiple processes Downloads and executes other potentially malicious files Connects to various Web sites
Analysis by Francis Allan Tan SengLast update 16 June 2010
