
Downloader.Ajuxery


First posted on 23 April 2014.
Source: Symantec

Aliases:

There are no other names known for Downloader.Ajuxery.

Explanation:

When the Trojan is executed, it creates the following registry entry:
HKEY_CURRENT_USER/Hdkhkqrcss/"License" = "[VIRUS IDENTIFIER]"

Next, the Trojan connects to the following remote locations:
[http://]ecab-cap.com/libw6/jqu[REMOVED]
[http://]ecab-cap.com/libw6/aj[REMOVED]

The Trojan then downloads the following file from one of the previous remote locations:
%Temp%\UPDATEFLASHPLAYER_[RANDOM CHARACTERS].exe

The Trojan may download the following malware onto the compromised computer:
Trojan.Cidox
Trojan.FakeAV

The Trojan then creates the following file to delete itself from the compromised computer:
%Temp%\[RANDOM CHARACTERS].bat
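
A triage sketch for the behaviours listed above, added here as an example and not part of the Symantec write-up: it matches endpoint telemetry against the registry entry, the remote location, the downloaded file name and the self-delete batch file. The event schema (host, kind, target), the host names and the sample events are constructed assumptions; a batch file in %Temp% on its own is common for legitimate installers, so it is reported only alongside one of the other indicators.

```python
import re
from collections import defaultdict

# Patterns built from the indicators in the write-up; [RANDOM CHARACTERS] becomes a wildcard.
INDICATORS = {
    "registry": re.compile(r"^(?:HKEY_CURRENT_USER|HKCU|HKEY_USERS\\[^\\]+)\\Hdkhkqrcss\\License$", re.I),
    "network": re.compile(r"^https?://ecab-cap\.com/libw6/", re.I),
    "payload": re.compile(r"\\Temp\\UPDATEFLASHPLAYER_[^\\]+\.exe$", re.I),
    "cleanup": re.compile(r"\\Temp\\[^\\]+\.bat$", re.I),
}
# Which indicators make sense for which (assumed) event kind.
KIND_TO_STAGES = {
    "registry_set": ["registry"],
    "http_request": ["network"],
    "file_create": ["payload", "cleanup"],
}
STRONG = {"registry", "network", "payload"}  # "cleanup" alone is too generic to alert on

def triage(events):
    """Return {host: sorted matched stages} for hosts with at least one strong indicator."""
    hits = defaultdict(set)
    for ev in events:
        target = ev["target"]
        if ev["kind"] == "registry_set":
            target = target.replace("/", "\\")  # the write-up prints the key with forward slashes
        for stage in KIND_TO_STAGES.get(ev["kind"], []):
            if INDICATORS[stage].search(target):
                hits[ev["host"]].add(stage)
    return {host: sorted(stages) for host, stages in hits.items() if stages & STRONG}

# Constructed sample telemetry (not real logs); the URL path is a placeholder.
SAMPLE_EVENTS = [
    {"host": "ws-01", "kind": "registry_set", "target": r"HKEY_CURRENT_USER\Hdkhkqrcss\License"},
    {"host": "ws-01", "kind": "http_request", "target": "http://ecab-cap.com/libw6/PLACEHOLDER"},
    {"host": "ws-01", "kind": "file_create",
     "target": r"C:\Users\a\AppData\Local\Temp\UPDATEFLASHPLAYER_x7f2.exe"},
    {"host": "ws-01", "kind": "file_create", "target": r"C:\Users\a\AppData\Local\Temp\qzt.bat"},
    {"host": "ws-02", "kind": "file_create", "target": r"C:\Users\b\AppData\Local\Temp\setup_cleanup.bat"},
    {"host": "ws-03", "kind": "http_request", "target": "http://example.com/libw6/x"},
]

if __name__ == "__main__":
    for host, stages in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(stages)}")
```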

Last update 23 April 2014
