TrojanDropper:Win32/Sirefef.B
First posted on 20 October 2019.
Source: Microsoft

Aliases:
TrojanDropper:Win32/Sirefef.B is also known as Dropper/Smiscer.79360.B, W32/Dropper.AYXZ, W32/Obfuscated.T, Trojan.DR.Smiscer!DcK/dp3l7Dg, Trojan horse Crypt.NSQ, TR/Drop.Smiscer.HF.1, Trojan.Generic.IS.439387, Win32/Sirefef.Z, BackDoor.Maxplus.6, Win32/Sirefef.P, Trojan-Dropper.Win32.Smiscer, Trojan-Dropper.Win32.Smiscer.hf, Trj/Dropper.WF, Trojan.Win32.Generic.51F92A9D, Mal/EncPk-NL, Trojan-Dropper.Win32.Smiscer.hl, TROJ_Gen.CX34I8, ZeroAccess rootkit, ZeroAccess.
Explanation:
TrojanDropper:Win32/Sirefef.B is a trojan that drops Win32/Sirefef, a multi-component family.

When executed, TrojanDropper:Win32/Sirefef.B attempts to replace a randomly selected system driver. It may, however, avoid the following drivers:

win32k.sys
ndis.sys

The replaced driver may be detected as Virus:Win32/Sirefef.I and is loaded by TrojanDropper:Win32/Sirefef.B. Because the malicious driver takes the place of a legitimate one, it keeps that driver's file name.

It also drops two other Win32/Sirefef components, which may be detected as Trojan:Win32/Sirefef.C and Trojan:WinNT/Sirefef.C. These dropped components may not be present on the affected system as plain files; instead, they reside in a volume created by TrojanDropper:Win32/Sirefef.B.

TrojanDropper:Win32/Sirefef.B may also contact the server 85.17.239.212 to report infection statistics.

Analysis by Chun Feng
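The driver replacement and the reporting server described above give two hunt points on a suspect host. The following PowerShell script is an added example written for this page; it is not Microsoft's code and is not part of the original entry. It assumes that the driver Sirefef.B swaps in does not carry a valid Authenticode signature (the entry does not state this) and that the host runs PowerShell 5 or later on Windows 8/Server 2012 or later, where Get-NetTCPConnection and Get-FileHash are available.

```powershell
# Added triage script for the indicators in this entry; not Microsoft's code.
# Assumption (not stated in the entry): the replacement driver fails
# Authenticode verification, so an unsigned or tampered .sys under
# System32\drivers is a lead worth pulling for analysis.
# Run from an elevated PowerShell prompt on the suspect host.

$DriverDir    = Join-Path $env:SystemRoot 'System32\drivers'
$ReportServer = '85.17.239.212'          # reporting server named in the entry
$Spared       = @('win32k.sys', 'ndis.sys')  # drivers the dropper avoids, per the entry

Write-Host "[*] Checking Authenticode status of drivers in $DriverDir"
$Suspect = Get-ChildItem -Path $DriverDir -Filter '*.sys' -File |
    Where-Object { $Spared -notcontains $_.Name } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Driver   = $_.Name
                Status   = $sig.Status
                Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
                Modified = $_.LastWriteTime
                SHA256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    }

if ($Suspect) {
    Write-Host "[!] Drivers without a valid signature (candidates for the replaced driver):"
    # The replaced driver keeps a legitimate name, so recent modification time
    # and a hash that differs from a known-good host are the useful signals.
    $Suspect | Sort-Object Modified -Descending | Format-Table -AutoSize
} else {
    Write-Host "[+] All in-scope drivers carry a valid Authenticode signature"
}

Write-Host "[*] Checking for TCP connections to $ReportServer"
$Conns = Get-NetTCPConnection -RemoteAddress $ReportServer -ErrorAction SilentlyContinue
if ($Conns) {
    foreach ($c in $Conns) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        Write-Host "[!] $($c.LocalAddress):$($c.LocalPort) -> $($c.RemoteAddress):$($c.RemotePort) state=$($c.State) pid=$($c.OwningProcess) ($($proc.ProcessName))"
    }
} else {
    Write-Host "[+] No active TCP connection to $ReportServer"
}
```

Treat hits as leads, not verdicts: third-party drivers that were never signed will appear in the first list, and the reporting server is only visible while a connection is open, so both checks complement rather than replace a scan with an engine that detects Virus:Win32/Sirefef.I. The two spared drivers are excluded only to narrow the list; a bad signature on win32k.sys or ndis.sys would still deserve attention, just not as a Sirefef.B indicator.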
Last updated 20 October 2019.