TrojanDownloader:Win32/Harnig.S
First posted on 19 February 2019.
Source: Microsoft
Aliases :
TrojanDownloader:Win32/Harnig.S is also known as Dropper/Malware.28160.JP, TR/Crypt.XPACK.Gen2, Win32/Renos.G!generic, Trojan.KillFiles.3081, Packed.Win32.Krap.ao, Downloader-AWM.gen.i, Mal/FakeAV-EA, FraudTool.Win32.FakeAV.hdd, Trojan.FakeAV!gen32, TROJ_FAKEAL.SMEP, TrojsnSpy.Zbot.Gen!Pac.16.
Explanation :
TrojanDownloader:Win32/Harnig.S is a trojan that attempts to download data instructing the trojan to further download and execute arbitrary files.

Installation

This trojan may be installed by other malware. It is UPX-packed and uses anti-emulation techniques to hinder analysis. When run, it injects its code into the running process "svchost.exe" and deletes the originally-running executable.

Payload

Downloads data

The malware connects to a remote host and retrieves configuration information, which can instruct the malware to download and execute arbitrary files from other domains, for example:

baquick.com
aacoast.com

Downloaded files are saved and executed from the Temporary Files folder.

Analysis by Francis Allan Tan Seng

Last update 19 February 2019
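The two behaviours described above that show up in endpoint telemetry (lookups of the listed domains, and files executed from the temporary folder by the injected svchost.exe) can be checked together, as in this added triage example, which is not part of the original Microsoft write-up. The event field names, host names and sample events are constructed; treating the temporary files folder as a directory named Temp and expecting svchost.exe as the parent of the downloaded file are assumptions.

```python
import ntpath

# Domains listed on this page as example download hosts.
IOC_DOMAINS = {"baquick.com", "aacoast.com"}

# Constructed sample events (not real telemetry). Field names are assumptions that
# loosely follow Sysmon event 1 (process creation) and event 22 (DNS query).
EVENTS = [
    {"id": 22, "host": "ws01", "image": r"C:\Windows\System32\svchost.exe", "query": "update.baquick.com"},
    {"id": 22, "host": "ws01", "image": r"C:\Windows\System32\svchost.exe", "query": "notbaquick.com"},
    {"id": 1, "host": "ws01", "image": r"C:\Users\amy\AppData\Local\Temp\a1.exe",
     "parent": r"C:\Windows\System32\svchost.exe"},
    {"id": 1, "host": "ws02", "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 22, "host": "ws03", "image": r"C:\Program Files\App\app.exe", "query": "AACOAST.COM."},
]

def domain_matches(query):
    """True if query is a listed domain or a subdomain of one (case-insensitive)."""
    q = query.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IOC_DOMAINS)

def in_temp_dir(path):
    """True if the file sits under a directory named Temp (assumed temp folder)."""
    parts = ntpath.normpath(path).lower().split("\\")
    return "temp" in parts[:-1]

def is_svchost(path):
    """True if the image name is svchost.exe, the process the trojan injects into."""
    return ntpath.basename(path).lower() == "svchost.exe"

def triage(events):
    """Return (host, reason) findings for the two behaviours described above."""
    findings = []
    for e in events:
        if e["id"] == 22 and domain_matches(e["query"]):
            findings.append((e["host"], "dns:" + e["query"].lower().rstrip(".")))
        elif e["id"] == 1 and in_temp_dir(e["image"]) and is_svchost(e["parent"]):
            findings.append((e["host"], "temp-exec-from-svchost:" + ntpath.basename(e["image"])))
    return findings

if __name__ == "__main__":
    for host, reason in triage(EVENTS):
        print(host, reason)
```

The suffix match on a leading dot keeps look-alike names such as notbaquick.com from matching, and a Temp execution launched by explorer.exe is left out because it does not fit the injected-svchost pattern.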