Home / malware Trojan:Win32/Joinkjot.A
First posted on 16 September 2014.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/Joinkjot.A.
Explanation :
Threat behavior
Installation
Trojan:Win32/Joinkjot.A copies itself to the following locations:
The malware changes the following registry entries so that it runs each time you start your PC:
- c:\documents and settings\administrator\application data\bsxixqnuiujvw.exe
- c:\documents and settings\administrator\start menu\programs\startup\bifukjnfy.exe
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "vlwjzrxaapmhvhesg"
With data: "c:\documents and settings\administrator\application data\bsxixqnuiujvw.exe"
Payload
Contacts remote hosts
Trojan:Win32/Joinkjot.A may contact the following remote hosts using port 80:
- 162.26.240.44
- 90.119.140.122
Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 5a73fd3ee6ce63a57832ac03c1319cb704bfa83d.Symptoms
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\application data\bsxixqnuiujvw.exe
c:\documents and settings\administrator\start menu\programs\startup\bifukjnfy.exeSets value: "vlwjzrxaapmhvhesg"
- You see these entries or keys in your registry:
With data: "c:\documents and settings\administrator\application data\bsxixqnuiujvw.exe"
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunLast update 16 September 2014
