Home / malware Trojan:JS/Pagins.gen!A
First posted on 11 April 2012.
Source: MicrosoftAliases :
Trojan:JS/Pagins.gen!A is also known as JS/Agent.NEZ (ESET), MalJSAppLd-A (Sophos).
Explanation :
Trojan:JS/Pagin.gen!A is an obfuscated JavaScript trojan that can be injected into a legitimate webpage; the JavaScript may quietly direct the affected user to a specified URL, from which it attempts to load a Java class file. Such Java class files can have virtually any purpose.
Top
Trojan:JS/Pagin.gen!A is an obfuscated JavaScript trojan that can be injected into a legitimate webpage; the JavaScript may quietly direct the affected user to a specified URL, from which it attempts to load a Java class file. Such Java class files can have virtually any purpose.
In the wild, we have observed the trojan attempting to connect to the following URLs to load the Java class files:
- "over.tetono.in/0267" to load "cltrcslhvbea.jtkjqshyqcu.class"
- "of.towyb.in/0577" to load "jmennvlywkscqdbp.acjalqklkfvfltadas.class"
- "what.qecuqe.in/0103" to load "seyvrnwkujkvhfperjc.jatcuajstlkdeb.class"
- "they.lazuc.in/0752" to load "jmennvlywkscqdbp.acjalqklkfvfltadas.class"
- "think.lazuc.in/0824" to load "jmennvlywkscqdbp.acjalqklkfvfltadas.class"
- "go.loanxs.in/0348" to load "edmkrbvtkvusjbqh.njfrdtcatahhtruydb.class"
- "stat.qytul.in/0731" to load "jmennvlywkscqdbp.acjalqklkfvfltadas.class"
Note: The above list is not exhaustive, and at the time of writing, these sites were no longer available.
Analysis by Hong Jia
Last update 11 April 2012