Home / malware Trojan:Win32/Hescrel.A
First posted on 12 September 2014.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/Hescrel.A.
Explanation :
Threat behavior
Installation
Trojan:Win32/Hescrel.A creates the following files on your PC:
The malware uses code injection to make it harder to detect and remove. It can inject code into running processes, including the following:
- c:\documents and settings\administrator\my documents\my music\scr.lnk
- explorer.exe
Payload
Contacts remote host
Trojan:Win32/Hescrel.A might contact a remote host at 46.105.143.221 using port 80. Commonly, malware does this to:
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
This malware description was produced and published using automated analysis of file SHA1 f5bfd61d3dfe8efc2e46e82610eec68a7ac304f1.Symptoms
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\my documents\my music\scr.lnkLast update 12 September 2014
