
Backdoor:Win32/Plugx.X!lnk


First posted on 26 October 2016.
Source: Microsoft

Aliases:

There are no other names known for Backdoor:Win32/Plugx.X!lnk.

Explanation:

Installation

This threat arrives as a Windows shortcut (.lnk) file posing as a Word document, delivered inside RAR archives.

Payload

This threat downloads the following files in the background using Background Intelligent Transfer Service (BITS) transfer jobs:

  • hxp://wwwhanksmilkcom/2txt - saved as 2.PS1 in the %TEMP% folder
  • hxp://wwwhanksmilkcom/v3txt - saved as V3.TXT in the %TEMP% folder

The link file then runs 2.PS1, which decodes the contents of V3.TXT. The decoded file is written to the %TEMP% directory as H.EXE and executed. This executable is detected as Backdoor:Win32/Plugx.X.



Analysis by Zarestel Ferrer

Last update 26 October 2016
