TrojanDownloader:Win32/Smarpiyasa.B
First posted on 23 August 2011.
Source: SecurityHome
Aliases:
There are no other names known for TrojanDownloader:Win32/Smarpiyasa.B.
Explanation:
TrojanDownloader:Win32/Smarpiyasa.B is a trojan that connects to a remote server, possibly to download other files. It also changes the Internet Explorer home page.
Installation
TrojanDownloader:Win32/Smarpiyasa.B is present on the computer as the following file:
- C:\Winx64\Systems\fullsx.exe
It also creates the following registry entry so that it automatically executes every time Windows starts:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "x64pro"
With data: "C:\Winx64\Systems\fullsx.exe"
Payload
Connects to a server
TrojanDownloader:Win32/Smarpiyasa.B connects to the server "arka<removed>x.com", possibly to download other files. As of this writing, the website is unavailable.
Modifies browser home page
It modifies the following registry entry, which changes the Internet Explorer home page:
In subkey: HKCU\Software\Microsoft\Internet Explorer\Main
Sets value: "Start page"
With data: "http://www.hemenara.net"
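The two registry indicators above can be checked against `reg query` output collected from a host during triage. The following is an added example, not part of the original analysis; the function names and the sample output are constructed for illustration, and it assumes the text came from running `reg query` on the two subkeys listed above.

```python
import re

# Indicators from the description above: (subkey, value name, data).
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "x64pro", r"C:\Winx64\Systems\fullsx.exe"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main",
     "Start page", "http://www.hemenara.net"),
]

# `reg query` prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def parse_reg_query(text):
    """Return {subkey: {value name: data}} with keys and names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        else:
            m = VALUE_LINE.match(line)
            if m and current is not None:
                current[m.group(1).lower()] = m.group(3).strip()
    return keys

def normalise(data):
    """Ignore quoting, a trailing slash and case when comparing data."""
    return data.strip().strip('"').rstrip("/").lower()

def find_indicators(text):
    """Return (subkey, value name, data found) for each indicator present."""
    keys = parse_reg_query(text)
    hits = []
    for subkey, name, data in INDICATORS:
        # Registry key and value names are case-insensitive.
        found = keys.get(subkey.lower(), {}).get(name.lower())
        if found is not None and normalise(found) == normalise(data):
            hits.append((subkey, name, found))
    return hits

# Constructed sample output, not captured from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleApp    REG_SZ    "C:\Program Files\Example\app.exe" /background
    x64pro    REG_SZ    C:\Winx64\Systems\fullsx.exe

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Start Page    REG_SZ    http://www.hemenara.net/
"""
```

Calling `find_indicators(SAMPLE)` returns both entries; the home page match succeeds even though the host stores the value name as "Start Page" and the URL with a trailing slash.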
Analysis by Jingli Li
Last update 23 August 2011