
Trojan:X97M/ShellHide.C


First posted on 20 February 2017.
Source: Microsoft

Aliases:

There are no other names known for Trojan:X97M/ShellHide.C.

Explanation:

Installation

This threat may arrive as macro malware distributed through spam email. When opened, it uses social engineering to persuade you to enable it on your PC.

The malware runs when enabled. It then drops a malicious executable file in the user's temporary directory with the following format:

"%temp%\\.cm d".

For example:

"%temp%\JHJ\HJ.cm d"
"%temp%\EDE\DE.cm d"

Payload

Downloads malware

This threat can download other malware onto your PC. We have observed that some of the dropped files are detected as Trojan:Win32/Dynamer!ac malware.



SHA-1s used in this analysis:

  • b8a62d5a4845de10f5da02d0879f5255caafdb6f
  • eecb78ef48cde720ebe06364f7d64d447c7c7c53






Analysis by Jireh Sanico

Last update 20 February 2017

 
