
Trojan:Win32/Almanahe.B.dll


First posted on 15 February 2019.
Source: Microsoft

Aliases :

Trojan:Win32/Almanahe.B.dll is also known as Win32/Almanahe.F, W32/Alman-E, Trojan.Camcone.A, Virus.Win32.Alman.a, W32/Almanahe.dr, W32.Almanahe.B, TROJ_ALMANAHE.AC.

Explanation :

Installation

Trojan:Win32/Almanahe.B.dll installs the following files on your PC:

%windir%\linkinfo.dll - detected as TrojanDownloader:Win32/Agent
drivers\isdrv118.sys - detected as Trojan:WinNT/Almanahe.B!sys
unxxx.bat - batch file that deletes Almanahe.B.dll after it has carried out its trojan routine

It also creates the file "\\.\DL5CProc", which is used by the malware file "linkinfo.dll" to communicate with "isdrv118.sys".

Payload

The file detected as TrojanDownloader:Win32/Agent terminates certain security and system processes. It tries to infect certain files with malicious code. It also tries to spread to the network via shared folders, even those that are password-protected.

The file detected as Trojan:WinNT/Almanahe.B!sys acts as a rootkit that prevents the dropped files from being removed or deleted.

Analysis by Andrei Florin Saygo
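A triage check built from the file names listed above, as an added example that is not part of the original entry or of any Microsoft tool: it walks a copy of a Windows directory (for example one mounted read-only from a disk image) and reports the dropped files. It assumes the legitimate linkinfo.dll lives in System32, so only a copy directly under %windir% is flagged; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the description above. Matching is case-insensitive
# because Windows file names are.
ROOT_ONLY = {"linkinfo.dll"}               # suspicious only directly under %windir%
ANYWHERE = {"isdrv118.sys", "unxxx.bat"}   # matched by name at any depth


def scan_windows_dir(windir):
    """Return sorted relative paths under `windir` that match the indicators."""
    hits = []
    for dirpath, _dirs, files in os.walk(windir):
        rel_dir = os.path.relpath(dirpath, windir)
        at_root = rel_dir == "."
        for name in files:
            low = name.lower()
            if low in ANYWHERE or (at_root and low in ROOT_ONLY):
                hits.append(name if at_root else os.path.join(rel_dir, name))
    return sorted(hits, key=str.lower)


def build_sample_tree(base, infected):
    """Constructed sample layout standing in for a mounted Windows directory."""
    # Assumption: the legitimate linkinfo.dll is in System32 and must not be flagged.
    files = [os.path.join("System32", "linkinfo.dll")]
    if infected:
        # Constructed placement of the driver; the scanner matches it by name only.
        files += ["LinkInfo.dll", os.path.join("System32", "drivers", "ISDRV118.SYS")]
    for rel in files:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()  # empty placeholder file
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, infected in (("clean", False), ("infected", True)):
            tree = build_sample_tree(os.path.join(tmp, label), infected)
            print(label, scan_windows_dir(tree))
```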

Last update 15 February 2019
