Home / malware Downloader.Hinired
First posted on 09 December 2015.
Source: SymantecAliases :
There are no other names known for Downloader.Hinired.
Explanation :
Once executed, the Trojan creates the following file:
[PATH TO THREAT]\[THREAT FILE NAME].exe
The Trojan modifies the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\[DEFAULT]
The Trojan checks internet connectivity by connecting to the following remote location:
http://get.adobe.com/flashplayer/download/?dualoffer=false&installer=[RANDOM NUMBER]
The Trojan then gathers the following information from the compromised computer:
Hardware IDOperating system versionSystem architecture Program privilege levels
The Trojan then send the gathered information to one or more of the following remote locations:
[http://]megapolisss006.su/go/gate[REMOVED][http://]wedspa.su/go/gate[REMOVED][http://]fast-node.info/rel/gate[REMOVED][http://]162.243.167.212/mediaserver/autog[REMOVED]
Next, the Trojan may download potentially malicious files onto the compromised computer, such as the following:
%UserProfile%\Templates\[SEVEN RANDOM LETTERS].exe
The Trojan may then delete the following file:
[PATH TO THREAT]\[THREAT FILE NAME].exeLast update 09 December 2015