Trojan:Win32/Godzilia.A
First posted on 17 November 2016.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Godzilia.A.
Explanation:
Installation
This threat is designed to act as an intermediary (loader) stage within an infection chain. For example, a user may unwittingly open a malicious email attachment, which may lead to installation of this loader. It may also arrive through an exploit kit infection chain.
When executed, it will drop a copy of itself in the %ProgramFiles% folder:
For example, c:\program files\heareilwjiwelgh.exe
This threat also creates a .lnk file in the user's Startup folder so that it runs at logon:
For example, c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\lq1zwa3v3e0uanu.lnk
Payload
Connects to a remote host
We have seen this threat attempt to connect to a remote host:
- srconvent.com at TCP port 80
Malware can connect to a remote host to do any of the following:
- Download and run files (including updates or other malware)
- Report a new infection to its author
- Receive configuration or other data
Downloads and installs other malware
We have seen this threat download and install other malware. It stores the payload in the %TEMP% folder. For example, C:\Users\\AppData\Local\Temp\RFiaD4ViC4JA9rviMnKTPQKDh.exe, detected as Ransom:Win32/Locky.
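The installation and payload sections above describe four host artefacts a responder can look for: a .lnk in a Startup folder, an executable dropped directly into the %ProgramFiles% root, a dropped executable in a user's %TEMP% folder, and a DNS lookup for srconvent.com. The following PowerShell triage script is an added example, not code from Microsoft's write-up; it checks those four artefacts on a Windows host. The user-profile layout under C:\Users, the seven-day window for %TEMP% files, and the "Program Files root" heuristic are assumptions for a lab host, not detection signatures, and the only indicator taken from the write-up is the domain.

```powershell
# Added triage script (not from the Microsoft write-up). Run elevated so that
# every user profile is readable. Paths and thresholds are assumptions.
$ErrorActionPreference = 'Stop'
$shell = New-Object -ComObject WScript.Shell
$findings = New-Object System.Collections.Generic.List[object]

# Only indicator taken from the write-up; extend with your own intel.
$suspectHosts = @('srconvent.com')

$profiles = @(Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue)

# 1. Startup-folder shortcuts: resolve each .lnk and flag targets in the
#    Program Files root or in a Temp folder (both named in the write-up).
$startupDirs = @($profiles | ForEach-Object {
        Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' })
$startupDirs += "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
$pfRoot = $env:ProgramFiles.TrimEnd('\')

foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem $dir -Filter '*.lnk' -ErrorAction SilentlyContinue) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        if (-not $target) { continue }
        $parent   = (Split-Path $target -Parent).TrimEnd('\')
        $inPfRoot = $parent -ieq $pfRoot                 # vendor software lives in subfolders, not the root
        $inTemp   = $target -imatch '\\AppData\\Local\\Temp\\'
        if ($inPfRoot -or $inTemp) {
            $findings.Add([pscustomobject]@{ Kind = 'StartupLnk'; Path = $lnk.FullName; Detail = $target })
        }
    }
}

# 2. Executables sitting directly in %ProgramFiles%, with their signature status.
foreach ($exe in Get-ChildItem $env:ProgramFiles -File -Filter '*.exe' -ErrorAction SilentlyContinue) {
    $sig = Get-AuthenticodeSignature $exe.FullName
    $findings.Add([pscustomobject]@{ Kind = 'PfRootExe'; Path = $exe.FullName; Detail = "signature=$($sig.Status)" })
}

# 3. Recently written executables in each user's Temp folder (payload drop location).
$cutoff = (Get-Date).AddDays(-7)   # 7-day window is an assumption
foreach ($p in $profiles) {
    $temp = Join-Path $p.FullName 'AppData\Local\Temp'
    if (-not (Test-Path $temp)) { continue }
    foreach ($exe in Get-ChildItem $temp -File -Filter '*.exe' -ErrorAction SilentlyContinue) {
        if ($exe.LastWriteTime -gt $cutoff) {
            $findings.Add([pscustomobject]@{ Kind = 'TempExe'; Path = $exe.FullName; Detail = $exe.LastWriteTime })
        }
    }
}

# 4. DNS client cache entries for the domain named in the write-up.
foreach ($e in (Get-DnsClientCache -ErrorAction SilentlyContinue)) {
    if ($suspectHosts -contains $e.Entry) {
        $findings.Add([pscustomobject]@{ Kind = 'DnsCache'; Path = $e.Entry; Detail = $e.Data })
    }
}

$findings | Format-Table -AutoSize
```

Every row the script prints is a lead rather than a verdict: a signed installer that unpacks into the Program Files root or a legitimate updater in %TEMP% will also appear, so review the signature status and the file's origin before acting. The Startup .lnk check is the strongest of the four, because the combination of a shortcut in that folder and a randomly named target in the Program Files root matches the persistence described above and has few benign explanations.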
Analysis by Meths Ferrer
Last update 17 November 2016