
TrojanDropper:JS/Zlader.B


First posted on 18 November 2015.
Source: Microsoft

Aliases:

There are no other names known for TrojanDropper:JS/Zlader.B.

Explanation:

Threat behavior

Installation

This threat might arrive on your PC as an email attachment. We have seen it use the following names:

  • ætÑGá-Sá¬Gpad_130-2_132-9_߫ú½Ã¡ÃŸ«Ã³Ã¡¡«_ß_¡Ã¡tá½8¡¿¬«¼_«Gñѽá_»a«Ã±Ã¡ª__Scanned_by_Dr.WÑ£_Çntivirus_163-10_13f850b43c8.tst_.js
  • ǬG_ßóÑa¬¿_«G_10.11.2015_ú«Ã±Ã¡___«G»aáó½Ã‘¡«_¬«¡GaáúÑ¡Gp_-_æ«Ãº½Ã¡ÃŸ«Ã³Ã¡¡«_ñ¿aѬG«a«¼_-_ÄíTÑßGó«_ß_«Ãºaá¡¿tÑ¡¡«¬_«GóÑGßGóÑ¡¡«ÃŸG8e_ÉÑípß___2bd55b51050.tst_.js


We have seen this threat create the following file on your PC:



  • %TEMP%\09093.exe - detected as Ransom:Win32/Zlader.A



Payload

Downloads malware or unwanted software

This threat can download other malware and unwanted software onto your PC. We have seen it install malware from the Trojan:Win32/Zlader family.





Analysis by Donna Sibangan

Symptoms

The following can indicate that you have this threat on your PC:

  • You have these files

    %TEMP%\09093.exe
    ætÑGá-Sá¬Gpad_130-2_132-9_߫ú½Ã¡ÃŸ«Ã³Ã¡¡«_ß_¡Ã¡tá½8¡¿¬«¼_«Gñѽá_»a«Ã±Ã¡ª__Scanned_by_Dr.WÑ£_Çntivirus_163-10_13f850b43c8.tst_.js
    ǬG_ßóÑa¬¿_«G_10.11.2015_ú«Ã±Ã¡___«G»aáó½Ã‘¡«_¬«¡GaáúÑ¡Gp_-_æ«Ãº½Ã¡ÃŸ«Ã³Ã¡¡«_ñ¿aѬG«a«¼_-_ÄíTÑßGó«_ß_«Ãºaá¡¿tÑ¡¡«¬_«GóÑGßGóÑ¡¡«ÃŸG8e_ÉÑípß___2bd55b51050.tst_.js

Last update 18 November 2015

 
