
TrojanDownloader:W97M/Adnel


First posted on 08 December 2014.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:W97M/Adnel.

Explanation:

Threat behavior

Installation

This threat is a malicious macro that can be embedded in a Microsoft Office file. When you open the malicious file, Microsoft Word should show you a security notification to ask whether you want to enable macros. If you enable macros, this threat will run.

We have seen this threat spread as a malicious Excel file that is attached to spam emails as a .xls file. Below is an example of the spam email content:



Payload

Downloads other malware

The macro tries to download other malware including TrojanDownloader:Win32/Drixed.B.

We have seen it contact the following URLs to download malware:

  • 79.137.227.123/.php
  • danidata.dk/.exe


It can save the file to the following locations:

  • 444.exe
  • EWSUVRXTBUU.exe
  • Test.exe




Analysis by Hong Jia

Symptoms

The following can indicate that you have this threat on your PC:

  • You have these files:
    • 444.exe
    • EWSUVRXTBUU.exe
    • Test.exe
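
The file names in the symptom list can be turned into a host sweep. The following is an added example, not part of the original write-up: it matches the three names case-insensitively, checks for the PE "MZ" magic, and records a SHA-256 for lookup. The `sweep` and `demo` names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# File names listed on this page, lower-cased because Windows file
# systems compare names case-insensitively.
ADNEL_DROP_NAMES = {"444.exe", "ewsuvrxtbuu.exe", "test.exe"}


def sweep(root):
    """Return sorted (path, is_pe, sha256) for files under root whose
    name matches one of the listed drop names."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in ADNEL_DROP_NAMES:
                continue
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    magic = fh.read(2)
                    digest.update(magic)
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
            except OSError:
                hits.append((path, None, None))  # unreadable: keep the name hit
                continue
            # "MZ" opens every DOS/PE executable; a name match without it
            # is unlikely to be a dropped payload.
            hits.append((path, magic == b"MZ", digest.hexdigest()))
    return sorted(hits)


def demo():
    """Run the sweep over a constructed directory tree (sample data only)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Temp"))
        samples = {
            "444.EXE": b"MZ\x90\x00constructed",  # name match with PE magic
            "Test.exe": b"plain text",            # name match, not a PE
            "report.xls": b"\xd0\xcf\x11\xe0",    # unrelated file
        }
        for name, content in samples.items():
            with open(os.path.join(root, "Temp", name), "wb") as fh:
                fh.write(content)
        return [(os.path.basename(p), pe, h) for p, pe, h in sweep(root)]
```

A name match alone is only a lead, since a generic name such as Test.exe is also used by legitimate software; the hash is the value to check against a reputation source.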

Last update 08 December 2014
