SecurityHome.eu TrojanDropper:JS/Xibow.A

Home / malware PDF

TrojanDropper:JS/Xibow.A

First posted on 02 April 2015.
Source: Microsoft
Aliases :
There are no other names known for TrojanDropper:JS/Xibow.A.
Explanation :
Threat behavior

Installation
This threat can create files on your PC, including:

%TEMP%\vlt.bat - detected as Ransom:BAT/Xibow.H

It may arrive in the system as attachment inside emails. We have seen it use the following names for the attachments:

ÐÂÐºÑÂ‚ ÑÂÐ²ÐµÑÂ€ÐºÐ¸ Ð·Ð° Ð¼Ð°ÑÂ€ÑÂ‚ 2015 Ð³Ð¾Ð´Ð°ÐºÑÂ‚_ÑÂÐ²ÐµÑÂ€ÐºÐ¸_(Ð¼Ð°ÑÂ€ÑÂ‚)_2015_Ð³Ð¾Ð´_Ð¿Ð¾_Ð¸ÑÂ‚Ð¾Ð³Ð°Ð¼_Ð¿ÐµÑÂ€Ð²Ð¾Ð³Ð¾_ÐºÐ²Ð°ÑÂ€ÑÂ‚Ð°Ð»Ð°_ÑÂÐ¾Ð³Ð»Ð°ÑÂÐ¾Ð²Ð°Ð½Ð¾_Ð±ÑÂƒÑÂ…Ð³Ð°Ð»ÑÂ‚ÐµÑÂ€Ð¸ÐµÐ¹_-_Ð°ttÐ°ÑÂhmÐµnt_Dr.WÐµb_SÑÂÐ°nnÐµd_--_OK.dÐ¾ÑÂx_.js

Ð°_ ÑÂÐ¾ÑÂÑÂ‚Ð°Ð²Ð»ÐµÐ½Ð¾ Ð·Ð°Ð¼ Ð³Ð»Ð°Ð²Ð½Ð¾Ð³Ð¾ Ð±ÑÂƒÑÂ…Ð³Ð°Ð»ÑÂ‚ÐµÑÂ€Ð° ÑÂÐ¾Ð³Ð»Ð°ÑÂÐ¾Ð²Ð°Ð½Ð¾ ÑÂ€ÑÂƒÐºÐ¾Ð²Ð¾Ð´Ð¸ÑÂ‚ÐµÐ»ÐµÐ¼ Ð¿ÑÂ€ÐµÐ´Ð¿ÑÂ€_Ð¡ÐÂÐÂ›Ð¬ÐÂ”ÐÂž Ð½Ð° 24.03.2015 doÑÂx.js

Payload

Installs malware or unwanted software

This trojan can install other malware or unwanted software onto your PC. The dropped malware is usually a member of the Ransom:BAT/Xibow family.

Additional information

This malware description was published using automated analysis of file SHA1 2f4d245b368e13946c214e7693622918e27a019b.

Symptoms

The following can indicate that you have this threat on your PC:

You see a file similar to:

%TEMP%\vlt.bat

Last update 02 April 2015

TOP

Malware :

Last 20

TrojanDropper:JS/Xibow.A

Aliases :

Explanation :

Malware :

Family: