Trojan.Emospam
First posted on 18 July 2015.
Source: Symantec
Aliases :
There are no other names known for Trojan.Emospam.
Explanation :
The Trojan may be downloaded by W32.Cridex.B.
When the Trojan is executed, it creates the following files:
%Temp%\mailsend[RANDOM LETTER][FIVE RANDOM NUMBERS]
%Temp%\[RANDOM FILE NAME]
The Trojan may receive a list of email addresses from one of the following locations:
[http://]61.19.253.26:8080/[RANDOM LETTERS]/[RANDOM [REMOVED]
[http://]31.192.209.119:8080/[RANDOM LETTERS]/[RANDOM [REMOVED]
[http://]198.74.55.109:8080/[RANDOM LETTERS]/[RANDOM [REMOVED]
[http://]31.192.209.89:8080/[RANDOM LETTERS]/[RANDOM [REMOVED]
The Trojan may perform the following actions:
Obtain information about various profiles that it uses to send spam
Send spam messages to email addresses on the received list
Send spam emails with links to a website hosting W32.Cridex.B
Last update 18 July 2015