
TrojanDownloader:ASX/Tracur.A


First posted on 13 September 2012.
Source: Microsoft

Aliases:

TrojanDownloader:ASX/Tracur.A is also known as Trojan-Downloader.WMA.Wimad (Ikarus), Trojan-Downloader.WMA.Wimad.ae (Kaspersky), Trojan-Downloader.WMA.Wimad.af (Kaspersky), Trojan.WMALoader (Dr.Web), WMA/Wimad.gen (Norman).

Explanation:



TrojanDownloader:ASX/Tracur.A is a malicious Windows media file that encourages you to download arbitrary files onto your computer and run them.

These arbitrary files may be detected as other malware, such as Trojan:Win32/Tracur.A.

As the downloaded malware can only run if you open the arbitrary file, it is recommended that you do not run or open files that you are directed to download as a result of this trojan.



Installation

In the wild, we have observed TrojanDownloader:ASX/Tracur.A distributed as Windows Movie (WMV) media files with varied file names. These files may be downloaded or shared through file sharing websites.



Payload

Downloads other malware

TrojanDownloader:ASX/Tracur.A is a malicious media file, which uses the Advanced Streaming Format (ASF), and may appear with a .WMV file extension. When you open the file with Windows Media Player, the trojan urges you to download and execute an arbitrary file.

As the downloaded malware can only run if you open the arbitrary file, it is recommended that you do not run or open files that you are directed to download as a result of this trojan.

In the wild, we have observed TrojanDownloader:ASX/Tracur.A attempt to contact the IP address "91.217.153.48" and download the file "QuickTime_Update_KB531516.exe", detected as Trojan:Win32/Tracur.A.
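For triage of media files collected from file shares, the behaviour described above can be checked statically. The following is an added example, not part of the original entry or Microsoft's detection logic: it confirms ASF content by its header GUID regardless of file extension, then lists embedded URLs that point to an executable or a raw IP address. The extension list, the raw-IP heuristic and the sample bytes are assumptions constructed for illustration, and the script scans the whole file for URL strings because the entry does not say where in the file the URL is stored.

```python
import re
from urllib.parse import urlsplit

# ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C, in on-disk byte order.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# Assumption: extensions treated as "executable download" for triage purposes.
EXEC_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".msi")

URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,}")
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,}")
RAW_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def is_asf(data: bytes) -> bool:
    """True when the content starts with the ASF header GUID, whatever the extension."""
    return data[:16] == ASF_HEADER_GUID


def extract_urls(data: bytes) -> list[str]:
    """Collect http(s) URLs stored as ASCII or UTF-16LE anywhere in the file."""
    found = {m.group().decode("ascii") for m in URL_ASCII.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in URL_UTF16.finditer(data)}
    return sorted(found)


def is_suspicious(url: str) -> bool:
    """Flag URLs that fetch an executable or address the host by raw IPv4."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return True  # an unparseable URL inside a media file deserves a look
    host = parts.hostname or ""
    return parts.path.lower().endswith(EXEC_EXTS) or bool(RAW_IPV4.fullmatch(host))


def triage(data: bytes) -> dict:
    """Summarise one file: ASF or not, all embedded URLs, and the flagged subset."""
    urls = extract_urls(data) if is_asf(data) else []
    return {"is_asf": is_asf(data), "urls": urls,
            "suspicious": [u for u in urls if is_suspicious(u)]}


# Constructed sample: ASF GUID plus filler, not a playable file; addresses are placeholders.
SAMPLE = (ASF_HEADER_GUID + (200).to_bytes(8, "little") + b"\x00" * 6
          + "http://192.0.2.10/player_update.exe".encode("utf-16-le") + b"\x00\x00"
          + b"http://example.com/license\x00")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flagged URL is a reason to quarantine the file and review it, not a verdict; legitimate media can carry URLs as well.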

Related encyclopedia entries

Trojan:Win32/Tracur.A



Analysis by Rodel Finones

Last update 13 September 2012
