
TrojanDownloader:Win32/Tifen.A


First posted on 27 April 2013.
Source: Microsoft

Aliases:

TrojanDownloader:Win32/Tifen.A is also known as TR/Dldr.Tifen.A.1 (Avira).

Explanation:



Installation

TrojanDownloader:Win32/Tifen.A is a trojan found encrypted in an image file detected as TrojanDownloader:Win32/Tifen.A!jpg. It is decrypted and run by a script detected as TrojanDownloader:VBS/Psyme.Y.

It creates the following registry entry so that it automatically runs once on your computer:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Sets value: "Sqlinst"
With data: "<malware file name>"



Payload

Downloads other files

TrojanDownloader:Win32/Tifen.A checks whether your default browser is Internet Explorer before downloading a file. It downloads a file from the website "officeservice.netau.net". The downloaded file is an HTML file that contains an encrypted executable. The decrypted executable is saved on your computer as "%TEMP%\ctfmine.exe" and is detected as Backdoor:Win32/Tifen.A.
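
A host triage check for the artefacts named in the Installation and Payload sections, as an added PowerShell example that is not part of Microsoft's write-up. The function name Find-TifenArtefact, its output shape and the default Temp directory locations are assumptions.

```powershell
# Added triage example (not Microsoft's code). Indicator values are from the entry above;
# the function name, output shape and default Temp locations are assumptions.
function Find-TifenArtefact {
    $findings = @()

    # 1. RunOnce value "Sqlinst". HKCU is per-user, so walk every hive loaded under HKEY_USERS.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notmatch '_Classes$' }
    foreach ($hive in $hives) {
        $key  = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
        $prop = Get-ItemProperty -Path $key -Name 'Sqlinst' -ErrorAction SilentlyContinue
        if ($prop) {
            $findings += [pscustomobject]@{ Type = 'RunOnceValue'; Location = $key; Detail = $prop.Sqlinst }
        }
    }

    # 2. Dropped file ctfmine.exe in each profile's Temp directory (default locations assumed).
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $tempDirs = @($env:TEMP)
    foreach ($sub in (Get-ChildItem -Path $profileList -ErrorAction SilentlyContinue)) {
        $root = (Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue).ProfileImagePath
        if ($root) {
            $tempDirs += Join-Path $root 'AppData\Local\Temp'
            $tempDirs += Join-Path $root 'Local Settings\Temp'   # pre-Vista layout
        }
    }
    foreach ($dir in ($tempDirs | Sort-Object -Unique)) {
        $file = Join-Path $dir 'ctfmine.exe'
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{ Type = 'DroppedFile'; Location = $file; Detail = "SHA256=$hash" }
        }
    }

    # 3. Download host still present in the local DNS resolver cache (cmdlet absent on older Windows).
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        $hit = Get-DnsClientCache -Entry 'officeservice.netau.net' -ErrorAction SilentlyContinue
        if ($hit) {
            $findings += [pscustomobject]@{ Type = 'DnsCache'; Location = 'officeservice.netau.net'; Detail = "$(@($hit).Count) record(s)" }
        }
    }
    return $findings
}

Find-TifenArtefact | Format-Table -AutoSize -Wrap
```

Windows deletes a RunOnce value when it is processed at logon, and only the hives of logged-on users are loaded under HKEY_USERS, so an empty result for the first check does not rule out an earlier infection.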



Analysis by Daniel Chipiristeanu

Last update 27 April 2013

 
