SecurityHome.eu Trojan:Win32/Lioris.A

Home / malware PDF

Trojan:Win32/Lioris.A

First posted on 12 February 2014.
Source: Microsoft
Aliases :
There are no other names known for Trojan:Win32/Lioris.A.
Explanation :
Threat behavior

Installation

Trojan:Win32/Lioris.A creates the following files on your PC:

%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap14.tmp\system.management.instrumentation.dll

%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap16.tmp\system.management.dll

%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap17.tmp\microsoft.jscript.dll

%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap18.tmp\microsoft.vsa.dll

%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap19.tmp\system.net.dll

Payload

Contacts remote host

Trojan:Win32/Lioris.A might contact a remote host at tools.google.com using port 80. Commonly, malware does this to:

Report a new infection to its author

Receive configuration or other data

Download and run files, including updates or other malware

Receive instructions from a remote hacker

Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 f304fdef8224db7e16069ef753d60d899ae046dd.Symptoms

System changes

The following could indicate that you have this threat on your PC:

You have these files:

%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap14.tmp\system.management.instrumentation.dll
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap16.tmp\system.management.dll
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap17.tmp\microsoft.jscript.dll
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap18.tmp\microsoft.vsa.dll
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zap19.tmp\system.net.dll

Last update 12 February 2014

TOP

Malware :

Last 20

Family:

Trojan:Win32/Lioris.A