Downloader.Feraw
First posted on 01 April 2015.
Source: Symantec
Aliases :
There are no other names known for Downloader.Feraw.
Explanation :
The Trojan may be dropped and executed by other malware.
Once executed, the Trojan creates the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Windrmsrv
The Trojan then creates a service with the following properties:
Service name: Windrmsrv
Display name: Windows DRM Service
Description: Provides Windows Media Player's digital-media rights manager service. If this service is stopped, Windows Media Player will not play medias with DRM protection
Startup type: Automatic
The Trojan may then perform the following actions on the compromised computer:
Encrypt files
Download executable code from a provided URL and decrypt and execute the code in memory
Note: The URL is variable and is supplied by the attacker.
Last update 01 April 2015
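The service properties listed above can be matched against a service inventory collected from endpoints. The following is an added example, not part of the original write-up: it assumes the inventory is JSON with the Win32_Service fields Name, DisplayName, Description and StartMode, and the sample records, including the renamed "wdrm2" entry, are constructed.

```python
import json

# Indicators from the write-up above (compared case-insensitively).
IOC_NAME = "windrmsrv"
IOC_DISPLAY = "windows drm service"
IOC_DESC = "provides windows media player's digital-media rights manager service"

# Constructed sample inventory, not real telemetry. Assumed shape: the output of
# Get-CimInstance Win32_Service | Select Name,DisplayName,Description,StartMode | ConvertTo-Json
SAMPLE = json.dumps([
    {"Name": "WMPNetworkSvc", "DisplayName": "Windows Media Player Network Sharing Service",
     "Description": "Shares Windows Media Player libraries.", "StartMode": "Manual"},
    {"Name": "Windrmsrv", "DisplayName": "Windows DRM Service",
     "Description": "Provides Windows Media Player\u2019s digital-media rights manager service. "
                    "If this service is stopped, Windows Media Player will not play medias "
                    "with DRM protection", "StartMode": "Auto"},
    # Hypothetical record: documented display name under a different service name.
    {"Name": "wdrm2", "DisplayName": "windows drm service", "Description": None,
     "StartMode": "Manual"},
])

def norm(value):
    """Lower-case, collapse whitespace, and fold curly apostrophes to straight ones."""
    return " ".join(str(value or "").replace("\u2019", "'").split()).lower()

def match_service(svc):
    """Return the list of documented properties that this service record matches."""
    hits = []
    if norm(svc.get("Name")) == IOC_NAME:
        hits.append("name")
    if norm(svc.get("DisplayName")) == IOC_DISPLAY:
        hits.append("display_name")
    if norm(svc.get("Description")).startswith(IOC_DESC):
        hits.append("description")
    # Automatic start is only meaningful alongside another match.
    if hits and norm(svc.get("StartMode")) == "auto":
        hits.append("autostart")
    return hits

def scan(inventory_json):
    """Map service name -> matched properties for every suspicious record."""
    data = json.loads(inventory_json)
    if isinstance(data, dict):  # ConvertTo-Json emits a bare object for one service
        data = [data]
    return {s.get("Name"): h for s in data if (h := match_service(s))}

if __name__ == "__main__":
    for name, hits in scan(SAMPLE).items():
        print(f"{name}: matched {', '.join(hits)}")
```

A record that matches only the display name or description deserves review as well, since a legitimate service with these properties is not expected under a different name.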