July | 2012 | Certified Ethical Hackers Security Analyst Malware Hacking Information | Page 2
From the monthly archives: July 2012

Technical Details

This Trojan opens different websites in the browser without the user’s knowledge. It is a Windows PE EXE file. It is 16 416 bytes in size. It is written in Visual Basic.

Payload

The Trojan launches Explorer, passing it the following link as a parameter:

http://www.****etgy.com/cpm/10102/10194.jsp?s=11054&dm=2

Explorer then launches the default browser, which opens the link in its window.
The Trojan then ceases running.

Technical Details

This Trojan downloads other malicious programs from the Internet and launches them for execution without the user’s knowledge. It is a Visual Basic script. It is 3564 bytes in size.

Payload

Once launched, the Trojan downloads files from the following URL addresses:

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1001.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1002.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1003.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1004.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1005.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1006.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1007.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1008.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1009.gif

http://adminlz***600.org/img/T1gANoXmXwXXcGRBI1_1010.gif

At the time of writing, these links were inactive. The Trojan saves the downloaded files under the following names, respectively:
c:\windows\Resources\1001.exe
c:\windows\Resources\1002.exe
c:\windows\Resources\1003.exe
c:\windows\Resources\1004.exe
c:\windows\Resources\1005.exe
c:\windows\Resources\1006.exe
c:\windows\Resources\1007.exe
c:\windows\Resources\1008.exe
c:\windows\Resources\1009.exe
c:\windows\Resources\1010.exe
The Trojan then launches the downloaded files for execution and, in hidden mode, launches Internet Explorer, where it opens the following link:

http://adminlz***600.org/img/gg.htm?vbs31
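
The download-and-launch behaviour described above can be hunted for in process-creation logs. The following is an added example, not part of the original write-up: it groups child processes by script-host parent and reports any parent that started a four-digit .exe from c:\windows\Resources, raising the severity when the same parent also started Internet Explorer with a URL. It assumes the script runs under wscript.exe or cscript.exe; the event records, their field names and the host.example URL are constructed for illustration.

```python
import re
from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host (assumed parent)
# Drop location and NNNN.exe naming taken from the description above.
DROPPED = re.compile(r"^c:\\windows\\resources\\(\d{4})\.exe$", re.IGNORECASE)

# Constructed process-creation events; field names are hypothetical.
EVENTS = [
    {"ppid": 4120, "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"c:\windows\Resources\1001.exe", "cmd": ""},
    {"ppid": 4120, "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\WINDOWS\RESOURCES\1002.EXE", "cmd": ""},
    {"ppid": 4120, "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmd": "iexplore.exe http://host.example/img/page.htm"},
    {"ppid": 900, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe", "cmd": "iexplore.exe"},
    {"ppid": 5000, "parent": r"C:\Windows\System32\cscript.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd /c logon.bat"},
]

def leaf(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def hunt(events):
    """Group child processes by script-host parent and report droppers."""
    by_parent = defaultdict(lambda: {"dropped": [], "browser_url": None})
    for ev in events:
        if leaf(ev["parent"]) not in SCRIPT_HOSTS:
            continue                      # only script-launched children matter here
        entry = by_parent[ev["ppid"]]
        if DROPPED.match(ev["image"]):
            entry["dropped"].append(leaf(ev["image"]))
        elif leaf(ev["image"]) == "iexplore.exe":
            url = re.search(r"https?://\S+", ev["cmd"])
            entry["browser_url"] = url.group(0) if url else None
    findings = {}
    for ppid, entry in by_parent.items():
        if not entry["dropped"]:
            continue                      # a script host alone is not a finding
        entry["severity"] = "high" if entry["browser_url"] else "medium"
        findings[ppid] = entry
    return findings

if __name__ == "__main__":
    for ppid, f in hunt(EVENTS).items():
        print(ppid, f["severity"], f["dropped"], f["browser_url"])
```

The hidden-window launch itself is not visible in these records, so the browser check relies only on the parent process and the URL argument.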
