Home / malware TrojanDownloader:W97M/Adnel
First posted on 08 December 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:W97M/Adnel.
Explanation :
Threat behavior
Installation
This threat is a malicious macro that can be embedded in a Microsoft Office file. When you open the malicious file, Microsoft Word should show you a security notification to ask whether you want to enable macros. If you enable macros, this threat will run.
We have seen this threat spread as a malicious Excel file that is attached to spam emails as a .xls file. Below is an example of the spam email content:
Payload
Downloads other malware
The macro tries to download other malware including TrojanDownloader:Win32/Drixed.B.
We have seen it contact the following URLs to download malware:
- 79.137.227.123/
.php - danidata.dk/
.exe
It can save the file to the following locations:
- 444.exe
- EWSUVRXTBUU.exe
- Test.exe
Analysis by Hong Jia
Symptoms
The following can indicate that you have this threat on your PC:
- You have these files:
- 444.exe
- EWSUVRXTBUU.exe
- Test.exe
Last update 08 December 2014