TrojanDownloader:Win32/Facerf.A
First posted on 12 January 2010.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/Facerf.A is also known as Trojan-Downloader.Win32.Delf.xol (Kaspersky), Trojan.DownLoader.origin (Dr.Web), Win32/TrojanDownloader.Delf.PEX (ESET), Trojan.DL.Win32.DelfCode.gev (Rising AV).
Explanation :
TrojanDownloader:Win32/Facerf.A is a trojan that downloads and executes arbitrary files from a remote host. To disguise itself, it is signed with a valid digital certificate, which is possibly stolen.
Payload

Downloads and executes arbitrary files

TrojanDownloader:Win32/Facerf.A connects to a remote host to download and execute a file in the affected system. In the wild, it has been observed to contact the following host:

down.wan555.com

The downloaded file is saved as "%Program Files%\gspc2.exe", and is deleted at the next Windows start.

Sends information to a remote host

TrojanDownloader:Win32/Facerf.A connects to "wx888.cc" to send information about the affected system.

Additional Information

A file detected as TrojanDownloader:Win32/Facerf.A may have valid digital certificate properties:
Analysis by Chun Feng
Last update 12 January 2010
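
An added detection example, not part of the original write-up: it matches constructed DNS and file-creation events against the two hosts and the dropped file name listed above, and keeps flagging the file even when it is validly signed. The event fields, machine names and the assumption that %Program Files% resolves to a drive-root "Program Files" directory are illustrative.

```python
import ntpath
import re

# Indicators taken from the write-up above.
C2_HOSTS = ("down.wan555.com", "wx888.cc")
DROPPED_NAME = "gspc2.exe"
# Assumption: %Program Files% is "<drive>:\Program Files" (or the x86 variant).
PROGRAM_FILES = re.compile(r"[a-z]:\\program files( \(x86\))?")

def host_matches(host):
    """True if host equals an indicator or is a subdomain of it."""
    h = host.strip().rstrip(".").lower()
    return any(h == ioc or h.endswith("." + ioc) for ioc in C2_HOSTS)

def path_matches(path):
    """True for gspc2.exe created directly in a Program Files directory."""
    parent, name = ntpath.split(ntpath.normpath(path).lower())
    return name == DROPPED_NAME and PROGRAM_FILES.fullmatch(parent) is not None

# Constructed sample telemetry (hypothetical schema), not real logs.
SAMPLE_EVENTS = [
    {"machine": "WS-01", "type": "dns", "value": "down.wan555.com"},
    {"machine": "WS-01", "type": "file_create",
     "value": r"C:\Program Files\gspc2.exe", "signed": True},
    {"machine": "WS-02", "type": "dns", "value": "notwx888.cc"},  # lookalike
    {"machine": "WS-03", "type": "dns", "value": "WX888.CC."},    # FQDN form
    {"machine": "WS-04", "type": "file_create",
     "value": r"C:\Users\a\gspc2.exe.txt", "signed": False},
]

def triage(events):
    """Return (machine, reason) findings; a valid signature never suppresses a hit."""
    findings = []
    for ev in events:
        if ev["type"] == "dns" and host_matches(ev["value"]):
            name = ev["value"].strip().rstrip(".").lower()
            findings.append((ev["machine"], "contacted " + name))
        elif ev["type"] == "file_create" and path_matches(ev["value"]):
            note = " (validly signed, still flagged)" if ev.get("signed") else ""
            findings.append((ev["machine"], "dropped " + DROPPED_NAME + note))
    return findings

if __name__ == "__main__":
    for machine, reason in triage(SAMPLE_EVENTS):
        print(machine, reason)
```

Because the dropped file is deleted at the next Windows start, file-creation telemetry is more reliable than a later disk scan for the path check.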