Home / malware Trojan:Win32/Chenf.A
First posted on 12 April 2014.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/Chenf.A.
Explanation :
Threat behavior Trojan:Win32/Chenf.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Installation
Trojan:Win32/Chenf.A copies itself to %programfiles%\googles\669\.exe. The malware creates the following files on your PC:
Note:
\google_guid.dat refers to a variable location that is determined when the malware queries your operating system. The default installation location for the system folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Payload
Contacts remote host
Trojan:Win32/Chenf.A might contact a remote host at mmy.mlcr0software.com using port 10010. Commonly, malware does this to:
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
This malware description was produced and published using automated analysis of file SHA1 11d8e07574c46a33b3a3f69cd7382c5253382cb4.Symptoms
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
%programfiles%\googles\669\.exe
\google_guid.dat Last update 12 April 2014