
Exploit:JS/Coolex.A


First posted on 15 February 2019.
Source: Microsoft

Aliases:

Exploit:JS/Coolex.A is also known as Cool Exploit Kit, Exploit.JS.Pdfka.ggz, Cooexp.A, EXP/JS.Expack.CO, JS/Exploit-Blacole.gq, Mal/ExpJS-AN.

Explanation:

Installation

Exploit:JS/Coolex.A is loaded if you visit a malicious or compromised webpage. Your browser may be redirected to another webpage containing the exploit code detected as Exploit:JS/Coolex.A, which tries to install malware on your computer based on what programs you have installed. If you have Java, Adobe Flash, or Adobe Reader on your computer, it may try to exploit certain software vulnerabilities in these programs to install malware.

Payload

Installs other malware

Exploit:JS/Coolex.A has been observed to install malware from the following websites:


In the wild, we have observed it attempting to install variants from the Trojan:Win32/Reveton family of ransomware trojans that may lock your computer and demand payment of a supposed fine.

For more information on ransomware, please see our FAQs at http://www.microsoft.com/security/portal/Shared/Ransomware.aspx.

To install malware, Exploit:JS/Coolex.A tries to exploit the following vulnerabilities:

CVE-2012-0507
CVE-2012-4681
CVE-2012-1723
CVE-2010-0188
CVE-2011-2110

Related encyclopedia entries

Trojan:Win32/Reveton

Analysis by Sergey Chernyshev

Last update 15 February 2019

 
