Trojan:Win64/Reveton
First posted on 28 January 2014.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win64/Reveton.
Explanation:
Threat behavior
Installation
It might be found in\ .pzz or .pss.
Trojan:Win32/Reveton looks for the data in this registry entry:
In subkey: HKLM\SYSTEM\ControlSet001\services\Winmgmt\Parameters\
Value: "ServiceDll"
It replaces the data with the path to the Win64/Reveton file so that Win64/Reveton is loaded every time Windows starts, along with the legitimate file svchost.exe.
Payload
Disables Windows firewall
Trojan:Win64/Reveton stops the Windows firewall by sending the command SERVICE_CONTROL_STOP to it.
Analysis by Stefan Sellmer
Symptoms
Alerts from your security software may be the only symptom.
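Because alerts may be the only visible sign, the two changes described under Installation and Payload can be checked directly on a host. The PowerShell below is an added example, not part of Microsoft's write-up. It assumes the stock Winmgmt ServiceDll path (`%SystemRoot%\system32\wbem\WMIsvc.dll`) and the firewall service name `MpsSvc`, which are standard Windows defaults and are not stated in this entry.

```powershell
# Added example: audit the ServiceDll value and firewall state this entry describes.
# Assumptions (not from the entry): the default ServiceDll path and the
# service name MpsSvc are standard Windows values.
$expected = Join-Path $env:SystemRoot 'System32\wbem\WMIsvc.dll'
$findings = @()

# The entry names ControlSet001; check every control set plus the active one.
$sets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^(ControlSet\d{3}|CurrentControlSet)$' }

foreach ($set in $sets) {
    $key = "HKLM:\SYSTEM\$($set.PSChildName)\Services\Winmgmt\Parameters"
    $raw = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $raw) {
        $findings += [pscustomobject]@{ Check = 'ServiceDll'; Where = $set.PSChildName; Detail = 'value missing' }
        continue
    }
    # Normalise %SystemRoot% style values before comparing.
    $path = [Environment]::ExpandEnvironmentVariables($raw)
    if ($path -ine $expected) {
        $detail = "points to '$path' instead of '$expected'"
        # File extensions taken from the Installation section of this entry.
        if ($path -match '\.(pzz|pss)$') { $detail += ' (extension listed in this entry)' }
        $findings += [pscustomobject]@{ Check = 'ServiceDll'; Where = $set.PSChildName; Detail = $detail }
    }
}

# Payload check: the firewall service should be present and running.
$fw = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
if (-not $fw) {
    $findings += [pscustomobject]@{ Check = 'Firewall'; Where = 'MpsSvc'; Detail = 'service not found' }
} elseif ($fw.Status -ne 'Running') {
    $findings += [pscustomobject]@{ Check = 'Firewall'; Where = 'MpsSvc'; Detail = "status is $($fw.Status)" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No deviations found in Winmgmt ServiceDll or firewall service state.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A stopped firewall service or a modified ServiceDll can have other causes, such as third-party security products or administrative policy, so treat a finding as a reason to investigate the referenced file rather than as confirmation of this threat.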
Last update 28 January 2014