
Trojan:Win32/Sirefef.CA


First posted on 12 September 2013.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win32/Sirefef.CA.

Explanation:

Threat behavior

Trojan:Win32/Sirefef.CA is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.

Installation

Trojan:Win32/Sirefef.CA creates the following files on your computer:

  • %windir%\assembly\gac\desktop.ini - detected as Trojan:Win32/Sirefef.AB
  • <system folder>\config\appevent.evt
  • <system folder>\config\sysevent.evt

The malware utilizes code injection to hinder detection and removal. When Trojan:Win32/Sirefef.CA runs, it may inject code into running processes, including the following:

  • explorer.exe
  • services.exe


Payload

Terminates processes

Trojan:Win32/Sirefef.CA terminates the following processes should they be running on an affected computer:

  • explorer.exe
  • services.exe

Contacts remote host

The malware may contact a remote host at j.maxmind.com using port 80. Commonly, malware may contact a remote host for the following purposes:

  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer

This malware description was produced and published using our automated analysis system's examination of file SHA1 405d087a31593047ceef4b1b594b3210b51de0d2.

Symptoms

System changes

The following system changes may indicate the presence of this malware:

  • The presence of the following files:
      %windir%\assembly\gac\desktop.ini
      <system folder>\config\appevent.evt
      <system folder>\config\sysevent.evt

Last update 12 September 2013
