
TrojanDownloader:Win32/Slishow.A


First posted on 14 September 2012.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:Win32/Slishow.A.

Explanation:



TrojanDownloader:Win32/Slishow.A is a trojan that downloads arbitrary files, and disguises itself as a Microsoft PowerPoint Show (.PPS).

Installation

The trojan may arrive on your computer via a spam email as an attachment, or you may download it. In the wild, we have observed the trojan using the following file names:

  • motivacao-presentes-arvore-de-natal.pps.scr
  • SABEDORIA_CHINESA.PPS.scr
  • VISITA+DO+ANJO+DA+GUARDA!.pps.exe
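
All three names place a document extension (.pps) directly before the extension Windows actually acts on (.scr or .exe). The Python check below is an added example, not part of the original write-up, that a mail gateway or triage script could use to flag that pattern. The extension sets and function names are assumptions for illustration, and it goes slightly beyond the observed names by also handling space-padded and trailing-dot variants.

```python
import re

# Assumed sets for illustration; tune to your environment.
# Final extensions that Windows runs directly.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "cpl"}
# Extensions a recipient expects to open as a document or media file.
DECOY_EXTS = {"pps", "ppsx", "ppt", "pptx", "doc", "docx", "xls", "xlsx",
              "pdf", "jpg", "png", "txt"}


def normalize(name: str) -> str:
    """Reduce an attachment name to the leaf name Windows would act on."""
    leaf = re.split(r"[\\/]", name)[-1]   # drop any directory component
    return leaf.rstrip(". ").lower()      # Windows ignores trailing dots/spaces


def masquerade_reason(name: str):
    """Return a reason string for a decoy-then-executable name, else None."""
    # Strip each part so "show.pps     .exe" (padding that hides the real
    # extension in narrow UI columns) is treated like "show.pps.exe".
    parts = [p.strip() for p in normalize(name).split(".")]
    if len(parts) < 3:
        return None                       # needs base name + two extensions
    previous, final = parts[-2], parts[-1]
    if final in EXECUTABLE_EXTS and previous in DECOY_EXTS:
        return f"decoy .{previous} before executable .{final}"
    return None


def flag_attachments(names):
    """Return {name: reason} for every name that matches the pattern."""
    hits = {}
    for n in names:
        reason = masquerade_reason(n)
        if reason:
            hits[n] = reason
    return hits


if __name__ == "__main__":
    # First three names are from the write-up; the rest are constructed.
    samples = ["motivacao-presentes-arvore-de-natal.pps.scr",
               "SABEDORIA_CHINESA.PPS.scr",
               "VISITA+DO+ANJO+DA+GUARDA!.pps.exe",
               "holiday.pps     .exe. ", "team-offsite.pps", "tool-v1.2.exe"]
    for name, reason in flag_attachments(samples).items():
        print(f"{name!r}: {reason}")
```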


When it runs, the trojan drops a Microsoft PowerPoint Show (.PPS) file to the following location:

%windir%\Wpps.pps

The PowerPoint may resemble any of the following:













Payload

Downloads and executes arbitrary files

The trojan automatically starts the slideshow.

TrojanDownloader:Win32/Slishow.A silently downloads and executes files, possibly malware, while the PowerPoint Show is being displayed. In the wild, we have observed the trojan contacting the following URLs to download these files:





Analysis by Ric Robielos

Last update 14 September 2012

 
