Downloader.Escelar
First posted on 13 May 2015.
Source: Symantec
Aliases:
There are no other names known for Downloader.Escelar.
Explanation:
The Trojan may arrive by way of malicious email attachments.
Once executed, the Trojan creates the following files:
%UserProfile%/Application Data/[COMPROMISED HOST NAME].exe
%UserProfile%/Application Data/[COMPROMISED HOST NAME].glp
%Temp%\Windows.jpg.exe
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[COMPROMISED HOST NAME]" = "%UserProfile%/Application Data/[COMPROMISED HOST NAME].exe"
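The persistence entry and dropped files above are the only host indicators the write-up gives, but they are templated on the victim's hostname, so a fixed IOC list cannot match them. The following script is an added example (not Symantec's tooling and not part of the original write-up) that expands the templates for a given machine and checks an exported Run-key listing and a file listing against them. The hostname, profile path and SAMPLE_* data are constructed for illustration; the live winreg read at the end only executes on Windows.

```python
r"""Hunt for the Downloader.Escelar artifacts described above.

Added example, not Symantec's code.  It checks the two things the write-up
gives us: a Run value named after the compromised host that points at
%UserProfile%\Application Data\<host>.exe, and the three dropped files.
The comparison functions take plain lists, so they run offline against
exported data on any OS; the SAMPLE_* values below are constructed.
"""
import os

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def _norm(path: str) -> str:
    """Canonicalise a Windows path for comparison: the write-up mixes '/' and
    '\\', Run values are often quoted, and NTFS names are case-insensitive."""
    return path.strip().strip('"').replace("/", "\\").lower()


def expected_artifacts(hostname: str, user_profile: str, temp_dir: str) -> dict:
    """Expand the templated paths from the write-up for one machine."""
    appdata = user_profile + r"\Application Data"
    return {
        "run_value_name": hostname,
        "run_value_data": appdata + "\\" + hostname + ".exe",
        "dropped_exe": appdata + "\\" + hostname + ".exe",
        "dropped_glp": appdata + "\\" + hostname + ".glp",
        "payload": temp_dir + r"\Windows.jpg.exe",
    }


def check_run_entries(run_entries, hostname, user_profile):
    """run_entries: iterable of (value_name, value_data) from the HKCU Run key.
    Returns a list of (severity, name, data) findings."""
    exp = expected_artifacts(hostname, user_profile, "")
    findings = []
    for name, data in run_entries:
        name_match = _norm(name) == _norm(hostname)
        data_match = _norm(data) == _norm(exp["run_value_data"])
        if name_match and data_match:
            findings.append(("match", name, data))  # exact pattern from the write-up
        elif name_match or _norm(data).endswith("\\" + _norm(hostname) + ".exe"):
            # Only half the pattern: the value may have been edited, or the
            # profile path differs (junction, renamed profile).  Worth a look,
            # not a verdict.
            findings.append(("suspicious", name, data))
    return findings


def check_files(existing_paths, hostname, user_profile, temp_dir):
    """existing_paths: iterable of file paths (a dir listing, a triage CSV, ...).
    Returns the artifact labels from the write-up that are present."""
    exp = expected_artifacts(hostname, user_profile, temp_dir)
    present = {_norm(p) for p in existing_paths}
    return sorted(label for label in ("dropped_exe", "dropped_glp", "payload")
                  if _norm(exp[label]) in present)


# Constructed sample data standing in for an exported Run key and a dir listing.
SAMPLE_HOST = "WS-0417"
SAMPLE_PROFILE = r"C:\Documents and Settings\alice"
SAMPLE_TEMP = r"C:\Documents and Settings\alice\Local Settings\Temp"
SAMPLE_RUN_ENTRIES = [
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("WS-0417", r'"C:\Documents and Settings\alice/Application Data/WS-0417.exe"'),
    ("Updater", r"C:\Documents and Settings\alice\Application Data\ws-0417.exe"),
]
SAMPLE_FILES = [
    r"C:\Documents and Settings\alice\Application Data\WS-0417.exe",
    r"C:\Documents and Settings\alice\Application Data\WS-0417.glp",
    r"C:\Documents and Settings\alice\Local Settings\Temp\Windows.jpg.exe",
]


def live_run_entries():
    """Read the HKCU Run key on the local Windows box (empty list elsewhere)."""
    if os.name != "nt":
        return []
    import winreg  # Windows-only module
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        i = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, i)
            except OSError:
                break  # no more values
            entries.append((name, str(data)))
            i += 1
    return entries


if __name__ == "__main__":
    print(check_run_entries(SAMPLE_RUN_ENTRIES, SAMPLE_HOST, SAMPLE_PROFILE))
    print(check_files(SAMPLE_FILES, SAMPLE_HOST, SAMPLE_PROFILE, SAMPLE_TEMP))
    if os.name == "nt":
        print(check_run_entries(live_run_entries(), os.environ["COMPUTERNAME"],
                                os.environ["USERPROFILE"]))
```

Two practical caveats when using this on real data: on Windows Vista and later, `%UserProfile%\Application Data` is a junction to `%AppData%` (the Roaming folder), so a file listing may show the dropped files under `AppData\Roaming` instead; and `Windows.jpg.exe` displays as `Windows.jpg` when Explorer hides known extensions, so check the full name rather than what the file browser shows.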
Next, the Trojan may connect to a compromised remote database server and perform SQL queries in order to download the following file stored in the database:
%Temp%\Windows.jpg.exe (Infostealer.Escelar)
Last update 13 May 2015