
Trojan:Win32/Patched.AO


First posted on 06 November 2015.
Source: Microsoft

Aliases :

There are no other names known for Trojan:Win32/Patched.AO.

Explanation :

Threat behavior

Installation

This threat modifies the Microsoft DNS Client API DLL file, dnsapi.dll, in an attempt to override the default hosts file and load a different hosts file in its place.

Payload

Reroutes network traffic

This threat modifies the file dnsapi.dll, which allows it to reroute network traffic.

We have observed that DLLs detected as Trojan:Win32/Patched.AO can redirect to any one of the following files instead of the default \drivers\etc\hosts file:

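A triage check for the modification described above, as an added example (not Microsoft's detection logic): it scans a copy of dnsapi.dll for a string shaped like the observed replacement paths and reports whether the default hosts path is still present. It assumes the path is stored in the DLL as an ASCII or UTF-16LE string and is overwritten in place; the function names, the segment-length bounds and the sample buffers are constructed for illustration.

```python
import re

DEFAULT_HOSTS = "\\drivers\\etc\\hosts"  # default path named in the write-up


def alt_regex(wide: bool):
    """Byte regex for \\dir\\dir\\name.dat, stored as ASCII or UTF-16LE."""
    z = rb"\x00" if wide else b""  # regex escape for the UTF-16LE zero byte
    seg = rb"(?:[a-z]" + z + rb"){2,8}"  # segment lengths are an assumption
    sep = rb"\\" + z
    ext = b"".join(re.escape(bytes([c])) + z for c in b".dat")
    return re.compile(sep + seg + sep + seg + sep + seg + ext)


def scan_dnsapi(image: bytes) -> dict:
    """Report default-path presence and any look-alike replacement paths."""
    encodings = (("ascii", False), ("utf-16-le", True))
    default_found = any(DEFAULT_HOSTS.encode(e) in image for e, _ in encodings)
    hits = []
    for enc, wide in encodings:
        for m in alt_regex(wide).finditer(image):
            path = m.group().decode(enc)
            hits.append({
                "offset": m.start(),
                "path": path,
                "encoding": enc,
                # An in-place overwrite keeps the string length (assumption).
                "same_length_as_default": len(path) == len(DEFAULT_HOSTS),
            })
    return {"default_hosts_path_present": default_found,
            "alternate_paths": hits,
            "suspicious": bool(hits)}


def demo_images():
    """Constructed buffers standing in for a clean and a modified DLL."""
    pad = b"\x90\x00MZ" * 8
    clean = pad + DEFAULT_HOSTS.encode("utf-16-le") + pad
    modified = pad + "\\abcd\\efgh\\ijk.dat".encode("utf-16-le") + pad
    return clean, modified


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:  # e.g. a copy of dnsapi.dll from a suspect host
        with open(name, "rb") as fh:
            print(name, scan_dnsapi(fh.read()))
```

A hit is a lead for comparing the file against a known-good copy of dnsapi.dll for the same Windows build, not a verdict on its own.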




Analysis by Jireh Sanico

Symptoms

Alerts from your security software might be the only symptom.

Last update 06 November 2015

 
