Home / malware TrojanClicker:MSIL/Ezbro.C
First posted on 30 December 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanClicker:MSIL/Ezbro.C.
Explanation :
Threat behavior
Installation
Payload
Connects to a remote host
We have seen this threat connect to a remote host, including:Malware can connect to a remote host to do any of the following:
- finder.strangled.net using port 80
This malware description was published using automated analysis of file SHA1 3931e131c8622635d0a91ddc17577d087d4d28bb. Symptoms
- Check for an Internet connection
- Download and run files (including updates or other malware)
- Report a new infection to its author
- Receive configuration or other data
- Receive instructions from a malicious hacker
- Search for your PC location
- Upload information taken from your PC
- Validate a digital certificate
The following can indicate that you have this threat on your PC:
- You see a mutex such as:
- __PDH_PLA_MUTEX__
- Global\MSDTC_STATS_EVENT
- Global\MSDTC_STATS_FILE
- Local\Mutex_MSOSharedMem
- MSDTC_Perf_Library_Lock_PID_904
- PerfOS_Perf_Library_Lock_PID_904
- PSched_Perf_Library_Lock_PID_904
- RSVP_Perf_Library_Lock_PID_904
- Tcpip_Perf_Library_Lock_PID_904
- Win64_86xKernelMutex1
Last update 30 December 2014
