Trojan:Win32/Enchanim.gen!B
First posted on 01 August 2012.
Source: Microsoft
Aliases:
Trojan:Win32/Enchanim.gen!B is also known as Trojan.Win32.Menti.notu (Kaspersky), TR/Kazy.47599 (Avira), Trojan.Win32.Enchanim (Ikarus), Trojan-Downloader.Win32.Agent.gyma (Kaspersky).
Explanation:
Trojan:Win32/Enchanim.gen!B is a generic detection for a member of the Trojan:Win32/Enchanim family of trojans.
This trojan may be downloaded and run by other malware. It injects code into running processes, contacts remote hosts and may also download and run additional files.
Installation
Trojan:Win32/Enchanim.gen!B may be downloaded and run by other malware, such as Worm:Win32/Gamarue.F.
Upon running, Trojan:Win32/Enchanim.gen!B moves itself to "<system folder>\<random name>.exe", for example "<system folder>\awina.exe".
Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is "C:\Winnt\System32"; and for XP, Vista, and 7 it is "C:\Windows\System32".
The trojan installs itself as a system service with the same name as the file, for example "awina".
When Trojan:Win32/Enchanim.gen!B runs, it injects its code into running processes, including the following, to hinder detection and removal of the code:
- csrss.exe
- explorer.exe
- lsass.exe
- svchost.exe
Payload
Contacts remote hosts
Trojan:Win32/Enchanim.gen!B tries to report its infection on your computer to a remote C&C (command and control) server with a unique ID that identifies your computer and operating system version. In the wild, we have observed Trojan:Win32/Enchanim.gen!B attempting to contact the following servers:
- 46.183.216.233
- 95.141.46.5
- 184.82.100.248
Note: At the time of analysis, none of these servers were returning any data or information.
The C&C server may instruct Trojan:Win32/Enchanim.gen!B to download and run additional files.
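The two host-based and network-based indicators this entry gives (a service whose name matches a random-named .exe placed in the System folder, and connections to the three listed C&C addresses) can be turned into a simple triage script. The following is an added example written for this page, not code from Microsoft or from the entry's analysis; the service list and firewall log lines it runs over are constructed sample data, and the log line format is an assumption, so adapt the regular expression to your own log source.

```python
"""Triage helpers for the Enchanim.gen!B indicators described in this entry.

Both the service inventory and the log lines below are constructed sample data;
the log format ("<timestamp> <src>:<port> -> <dst>:<port> <action>") is assumed.
"""
import re
from pathlib import PureWindowsPath

# Remote addresses the entry lists as contacted C&C servers.
ENCHANIM_C2_IPS = {"46.183.216.233", "95.141.46.5", "184.82.100.248"}

# Default System folder locations named in the entry (lower-cased for comparison).
SYSTEM_FOLDERS = {r"c:\windows\system32", r"c:\winnt\system32"}

# Assumed log line shape: "2012-08-01T10:15:09Z 10.0.0.12:49214 -> 95.141.46.5:80 ALLOW"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)


def binary_from_image_path(image_path):
    """Extract the executable path from a service ImagePath, dropping arguments
    such as 'svchost.exe -k netsvcs' and handling quoted paths with spaces."""
    image_path = image_path.strip()
    if image_path.startswith('"'):
        return image_path[1:].split('"', 1)[0]
    return image_path.split()[0]


def suspicious_services(services):
    """Return names of services whose name equals the stem of an .exe that sits
    directly in the System folder, the install pattern the entry describes
    ("awina" -> <system folder>\\awina.exe). Legitimate services also live in
    System32, so treat a hit as a lead for review, not a verdict."""
    hits = []
    for name, image_path in services:
        path = PureWindowsPath(binary_from_image_path(image_path))
        in_system_folder = str(path.parent).lower() in SYSTEM_FOLDERS
        if in_system_folder and path.suffix.lower() == ".exe" and path.stem.lower() == name.lower():
            hits.append(name)
    return hits


def c2_contacts(log_lines, c2_ips=ENCHANIM_C2_IPS):
    """Return (timestamp, source, destination) for every parsable log line whose
    destination is one of the listed C&C addresses; unparsable lines are skipped."""
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if match and match.group("dst") in c2_ips:
            hits.append((match.group("ts"), match.group("src"), match.group("dst")))
    return hits


# Constructed service inventory: (service name, ImagePath).
SAMPLE_SERVICES = [
    ("Dnscache", r"C:\Windows\System32\svchost.exe -k NetworkService"),
    ("Spooler", r"C:\Windows\System32\spoolsv.exe"),
    ("awina", r"C:\Windows\System32\awina.exe"),
    ("MyAgent", r'"C:\Program Files\Vendor\myagent.exe" /svc'),
]

# Constructed firewall log lines (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    "2012-08-01T10:15:02Z 10.0.0.12:49213 -> 192.0.2.10:80 ALLOW",
    "2012-08-01T10:15:09Z 10.0.0.12:49214 -> 95.141.46.5:80 ALLOW",
    "2012-08-01T10:16:30Z 10.0.0.7:50001 -> 192.0.2.20:443 ALLOW",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    print("services to review:", suspicious_services(SAMPLE_SERVICES))
    for ts, src, dst in c2_contacts(SAMPLE_LOG):
        print(f"{ts} {src} contacted listed C&C address {dst}")
```

On a live system the service inventory would come from the registry under Services (or `sc query`) and the log lines from a firewall or proxy export; the service check is deliberately broad because the file name is random, so the service-name-equals-file-name pattern is the only stable host indicator the entry gives.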
Related encyclopedia entries
Trojan:Win32/Enchanim
Worm:Win32/Gamarue.F
Analysis by Shawn Wang
Last update 01 August 2012