Trojan:Win32/Patched.AO
First posted on 06 November 2015.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Patched.AO.
Explanation:
Threat behavior
Installation
This threat modifies the Microsoft DNS Client API DLL file, dnsapi.dll, in an attempt to load a hosts file other than the default hosts file.
Payload
Reroutes network traffic
This threat modifies the file dnsapi.dll, which allows it to reroute network traffic.
We have observed that DLLs detected as Trojan:Win32/Patched.AO can redirect to one of the following files instead of the default \drivers\etc\hosts file:
Analysis by Jireh Sanico
Symptoms
Alerts from your security software might be the only symptom.
Last update 06 November 2015