Exploit:Win32/ShellCode.gen!C
First posted on 15 February 2019.
Source: Microsoft
Aliases:
Exploit:Win32/ShellCode.gen!C is also known as Exploit.JS.Senglot, JS/BoF.J, SCRIPT.Virus, Trojan.Maliframe!html, Trojan.Script.6869.
Explanation:
In the wild, we have seen Exploit:Win32/ShellCode.gen!C use exploits that are often maliciously modified versions of exploits from the Metasploit proof-of-concept exploit framework (a series of exploits that are used for the legitimate testing of security systems). These exploits can vary greatly and can include:
CVE-2008-1309: ActiveX control remote code execution exploit in Real Player in rmoc3260.dll
CVE-2008-1044: ActiveX control UploadLogs() buffer overflow exploit in Move Networks Quantum Streaming Player
CVE-2008-0443: ActiveX control buffer overflow exploit in Lycos FileUploader
CVE-2007-4515: ActiveX control buffer overflow exploit in Yahoo! Messenger
CVE-2008-0551: Buffer overflow exploit in Sejoong Namo ActiveSquare6 in NamoInstaller.dll
We have observed the exploits downloading files from the following servers:
n.gan360.com
w.qqnetcn.cn
Analysis by Jeong Mun
Last update 15 February 2019