Trojan.Festalco
First posted on 11 October 2014.
Source: Symantec
Aliases:
There are no other names known for Trojan.Festalco.
Explanation:
When the Trojan is executed, it creates the following files:
%UserProfile%\[RANDOM FILE NAME].exe
%SystemDrive%\Hot fotos.exe
%SystemDrive%\My Musik(2013).exe
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\[RANDOM FILE NAME].lnk
Next, the Trojan searches for files with the following extensions and attempts to corrupt any files found:
accda accdb accdc accde accdp accdr accdt accdu acl ade adp asd cnv doc docm docx dot dotm dotx grv iaf laccdb maf mam maq mar mat mda mdb mde mdt mdw mpd mpp mpt oab obi oft olm one onepkg ops ost pa pip pot potm potx ppa ppam pps ppsm ppsx ppt pptm pptx prf pst pub puz rpmsg sldm sldx slk snp svd thmx vdx vsd vss vst vsx vtx wbk wll xar xl xla xlam xlb xlc xll xlm xls xlsb xlsm xlsx xlt xltm xltx xlw xsf xsn
The Trojan then renames the corrupted files as the following:
(fEstasAzulCorrupta)
The Trojan then reports which files have been corrupted to the following remote location:
[http://]www.oriontronproject.site11.com/post[REMOVED]files=[CORRUPTED FILE PATH]&user=[USER NAME]&machine=[COMPUTER NAME]&datetime=[DATE]
Last update 11 October 2014
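The file names, rename marker and reporting URL listed above can be turned into a quick triage check. The following is an added example, not Symantec's code: the function names scan_tree and parse_report are hypothetical, the sample URLs are constructed, "ELIDED" stands in for the part of the URL the page removed, and the marker is assumed to appear somewhere in a renamed file's name.

```python
import os
from urllib.parse import parse_qs, urlsplit

# Indicators taken from the description above.
DROPPED_NAMES = {"hot fotos.exe", "my musik(2013).exe"}
RENAME_MARKER = "(festasazulcorrupta)"
REPORT_HOST = "www.oriontronproject.site11.com"
REPORT_PARAMS = ("files", "user", "machine", "datetime")


def scan_tree(root):
    """Return sorted (kind, path) pairs for file names matching the indicators."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered in DROPPED_NAMES:
                findings.append(("dropped_file", os.path.join(dirpath, name)))
            # Assumption: the marker appears somewhere in the renamed file's name.
            elif RENAME_MARKER in lowered:
                findings.append(("corrupted_file", os.path.join(dirpath, name)))
    return sorted(findings)


def parse_report(url):
    """Return the reported fields if url is a report to REPORT_HOST, else None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    if (parts.hostname or "").lower() != REPORT_HOST:
        return None
    rest = parts.path + ("?" + parts.query if parts.query else "")
    start = rest.find("files=")
    # The page elides the text between "post" and "files=", so accept anything there.
    if not rest.lower().startswith("/post") or start < 0:
        return None
    fields = parse_qs(rest[start:], keep_blank_values=True)
    if not all(p in fields for p in REPORT_PARAMS):
        return None
    return {p: fields[p][0] for p in REPORT_PARAMS}


if __name__ == "__main__":
    # Constructed proxy-log URLs; "ELIDED" stands in for the part the page removed.
    sample = [
        "http://www.oriontronproject.site11.com/postELIDED?files=C%3A%5Cdocs%5Ca.doc"
        "&user=alice&machine=WS01&datetime=2014-10-11",
        "http://example.com/post?files=x&user=y&machine=z&datetime=0",
    ]
    for url in sample:
        print(parse_report(url))
    print(scan_tree(os.environ.get("SCAN_ROOT", ".")))
```

A non-None result from parse_report names the user, machine and file path that were reported, which gives the list of documents to restore from backup.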