
Ransom:JS/Reveton.A


First posted on 23 May 2014.
Source: Microsoft

Aliases :

There are no other names known for Ransom:JS/Reveton.A.

Explanation :

Threat behavior

Trojan:JS/Reveton.A is a JavaScript file that is dropped by variants of Trojan:Win32/Reveton, and is used as part of their installation process.

The JavaScript is commonly dropped by Trojan:Win32/Reveton in the "%ALLUSERSPROFILE%\Application Data" folder with a file name that is the reverse of the name of its dropper, for example:

If the Trojan:Win32/Reveton dropper uses the file name "malware.dll", the JavaScript will be created as "%ALLUSERSPROFILE%\Application Data\erawlam.js".

The malicious JavaScript's only function is to use the legitimate system file "rundll32.exe" to launch the Trojan:Win32/Reveton dropper component.
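A triage check for the reversed-name pattern described above, added here as an example and not taken from Microsoft's write-up. The function name, the sample file listing, and the assumption that the dropper carries a ".dll" extension (as in the page's "malware.dll" example) are illustrative.

```python
from pathlib import PureWindowsPath

# Folder named on the page (under %ALLUSERSPROFILE%), compared case-insensitively.
DROP_FOLDER = "application data"


def reversed_name_pairs(paths):
    """Return (js_path, dll_path) pairs where a .js file sitting in an
    'Application Data' folder has a stem that is the reverse of a DLL's stem.

    Assumption: the dropper is a .dll, as in the page's example; DLLs are
    matched anywhere in the listing because the page does not say where
    the dropper itself lives.
    """
    files = [PureWindowsPath(p) for p in paths]

    # Index every DLL by its lower-cased stem for constant-time lookup.
    dlls = {}
    for f in files:
        if f.suffix.lower() == ".dll":
            dlls.setdefault(f.stem.lower(), []).append(f)

    hits = []
    for f in files:
        if f.suffix.lower() != ".js":
            continue
        if f.parent.name.lower() != DROP_FOLDER:
            continue  # only the drop folder described on the page
        reversed_stem = f.stem.lower()[::-1]
        for dll in dlls.get(reversed_stem, []):
            hits.append((str(f), str(dll)))
    return hits


# Constructed file listing for demonstration; not real telemetry.
SAMPLE = [
    r"C:\ProgramData\Application Data\erawlam.js",     # reverse of malware.dll
    r"C:\Users\alice\AppData\Local\Temp\malware.dll",
    r"C:\ProgramData\Application Data\settings.js",    # no matching DLL
    r"C:\Windows\System32\shell32.dll",
    r"C:\Users\alice\Documents\23llehs.js",            # reversed, wrong folder
]

if __name__ == "__main__":
    for js, dll in reversed_name_pairs(SAMPLE):
        print(f"suspicious pair: {js} <-> {dll}")
```

A hit is only a lead for review: a palindromic file name shared by a script and a DLL would also match.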

For more information regarding Trojan:Win32/Reveton, please refer to the family description.



Analysis by Amir Fouda

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Last update 23 May 2014

 
