Home / malware

PDF

TrojanSpy:Win32/Jamivec.A

First posted on 01 July 2014.
Source: Microsoft

Aliases :

There are no other names known for TrojanSpy:Win32/Jamivec.A.

Explanation :

Threat behavior

Installation

TrojanSpy:Win32/Jamivec.A copies itself to the following locations:

• c:\documents and settings\administrator\application data\microsoft\javec.exe
• c:\documents and settings\administrator\local settings\temp\malware.dat\.exe
• c:\microsoft\javec.exe

The malware creates the following files on your PC:

• \device\null
• c:\documents and settings\administrator\application data\install.imp
• c:\documents and settings\administrator\application data\imlgs\10-04-2014

Payload

Contacts remote host

TrojanSpy:Win32/Jamivec.A might contact a remote host at 162.248.98.46 using port 9003. Commonly, malware does this to:

• Report a new infection to its author
• Receive configuration or other data
• Download and run files, including updates or other malware
• Receive instructions from a remote hacker
• Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 688203ad7c7068c3c2096fdd2a13be244839e295.Symptoms

System changes

The following could indicate that you have this threat on your PC:

• You have these files:
  
  \device\null
  c:\documents and settings\administrator\application data\install.imp
  c:\documents and settings\administrator\application data\imlgs\10-04-2014
  c:\documents and settings\administrator\application data\microsoft\javec.exe
  c:\documents and settings\administrator\local settings\temp\malware.dat\.exe
  c:\microsoft\javec.exe

Last update 01 July 2014

 

TOP