Trojan:Win64/Sirefef.U
First posted on 09 May 2012.
Source: Microsoft
Aliases:
Trojan:Win64/Sirefef.U is also known as Backdoor.Win64.ZAccess.bh (Kaspersky), Zero Access (other), W64/Malware!55c8 (Command).
Explanation:
Trojan:Win64/Sirefef.U is a component of Win64/Sirefef, a multi-component family of malware that moderates your Internet experience by modifying search results, and generates pay-per-click advertising revenue for remote attackers. The Sirefef family consists of components that perform various functions, such as downloading updates and additional components, hiding existing components, or performing a payload.
Installation
Trojan:Win64/Sirefef.U is installed by variants of Win64/Sirefef.
Payload
Installs other malware
When run, it installs a copy of the trojan which is detected as Win64/Sirefef.Y. The malware has been observed to have file names such as the following:
- irenum.dll
- dmserver.dll
- imagedrv.dll
- ino_flpy.dll
- svcwmu.dll
- wlmel51b.dll
- AppnBase.dll
Win64/Sirefef provides functions for Win64/Sirefef to monitor malware services currently running, and to install other components of the Sirefef family of malware.
Analysis by Marianne Mallen
Last update 09 May 2012