Home / malwarePDF  

TrojanDownloader:Win32/Dalexis.F


First posted on 23 April 2015.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:Win32/Dalexis.F.

Explanation :

Threat behavior

Installation

This threat can be installed on your PC when you open a spam email attachment. The spam email attachment is usually a CAB file.

We have seen spam emails using the email address of the recipient as the malicious attachment file name. For example, if your email address is abcd@domain.com the spam email attachment would be called abcd@domain.com.cab

When attachment is opened it shows an SCR file with the same name.

If you open the SCR file the malware installs an RTF file to %TEMP% and opens it.

Payload

Downloads other malware

This threat can download malware from the Critroni family onto your PC.

We have seen it contact the following servers to download other malware:

  • altervista.org//efax.jpg
  • ambiente4u.eu//efax.jpg
  • amberaffair.org.au//efax.jpg
  • bmws1vc.altervista.org//efax.jpg
  • philippineswebservices.com//efax.jpg
  • piccolochef.com//efax.jpg
  • pupillenwijhe92.nl//efax.jpg
  • samberaffair.org.au//efax.jpg
  • scalextric.hostei.com//efax.jpg
  • scottwall.com//efax.jpg
  • sintjoep.nl//efax.jpg
  • sompex.de//efax.jpg
  • stocksandstares.co.uk//efax.jpg


Additional information

See the Win32/Dalexis family descripiton for more information.



Analysis by Allan Sepillo

Symptoms

Alerts from your security software might be the only symptom.

Last update 23 April 2015

 

TOP

Malware :