
Trojan:Win32/Febipos.B!dll


First posted on 14 November 2013.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win32/Febipos.B!dll.

Explanation:

Threat behavior

Installation

Trojan:Win32/Febipos.B!dll can be installed by Trojan:Win32/Febipos.B. It is installed to %APPDATA%\WService.dll.

It creates the following registry entries:

In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"

In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A}

Payload

This threat loads Trojan:JS/Febipos.E to Internet Explorer.



Analysis by Jonathan San Jose

Symptoms

The following could indicate that you have this threat on your PC:

  • You see a detection of Trojan:JS/Febipos.E from your security software
  • You see these entries or keys in your registry:


In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"

In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
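The registry keys and file path listed above can be checked directly from an elevated PowerShell prompt. The script below is an added example written for this page and is not part of the Microsoft write-up; it is read-only (it reports matches and hashes the DLL if present, and changes nothing), and it assumes the indicators exactly as stated above. Note that HKEY_CLASSES_ROOT has no default PowerShell drive, so it is reached through the Registry:: provider path.

```powershell
# Added example (not from the original write-up): read-only check for the
# Trojan:Win32/Febipos.B!dll indicators listed on this page.
$clsid = '{3543619C-D563-43f7-95EA-4DA7E1CC396A}'

# Registry paths exactly as given in the Installation / Symptoms sections.
$keys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32",
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InProcServer32",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\$clsid"
)

$findings = @()

foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) {
        # The write-up says the malware sets the key's (default) value; read it if present.
        $props   = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $default = if ($props) { $props.'(default)' } else { $null }
        $findings += [pscustomobject]@{
            Indicator = $key
            Detail    = if ($default) { "(default) = $default" } else { 'key present, no (default) value' }
        }
    }
}

# Dropped file path from the Installation section, expanded from the current user's profile.
$dll = Join-Path $env:APPDATA 'WService.dll'
if (Test-Path -LiteralPath $dll) {
    $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Indicator = $dll
        Detail    = "file present, SHA256 $hash"
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No Febipos.B!dll indicators found for the current user and HKLM.'
}
```

Run it as the user whose profile is being examined, since %APPDATA% resolves per user; the HKLM keys are machine-wide and visible from any account. If a match is found, treat the SHA256 of WService.dll as evidence to submit to your security vendor rather than a verdict on its own, and remove the infection with up-to-date security software as the write-up directs rather than by deleting the keys by hand.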

Last update 14 November 2013
