Trojan.Sofacy
First posted on 04 November 2014.
Source: Symantec
Aliases:
There are no other names known for Trojan.Sofacy.
Explanation:
The Trojan is a malicious DLL file usually dropped by specially crafted documents containing exploits.
Once executed, the Trojan connects to the following remote locations:
[http://]scanmalware.info/ch[REMOVED]
[http://]malwarecheck.info/ch[REMOVED]
[http://]adawareblock.com/ch[REMOVED]
[http://]checkmalware.org/ch[REMOVED]
It then gathers the following information from the compromised computer and sends it to the remote attacker:
Computer name
Operating system version
List of processes including name, ID, and path
The Trojan then downloads potentially malicious files from a remote site and executes them.
Last update 04 November 2014