Trojan.Jectin
First posted on 11 April 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Jectin.
Explanation:
Once executed, the Trojan creates the following files:
%Temp%\~$dSwErkeQ31k4nFg.tmp
%Temp%\~$st116051906127001.pdf
%Temp%\~$st284483248627364.pdf
%Temp%\~$oLfPqs4f6Ght431Lk3y10g.tmp
%Temp%\olk.ps2
The Trojan may then connect to one or more of the following remote locations:
windowslayer.in
u.mywindows24.in
main.windowskernel14.com
209.190.20.59
The Trojan then opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Create a new rundll32.exe process and inject malicious code into it
Update itself
Create a task to run itself
Uninstall itself
The Trojan may also gather the following information from the compromised computer and send it to the attacker:
Screenshots
Titles of active windows
Keystrokes
IMAP user name and password
POP3 user name and password
HTTP user name and password
SMTP user name and password
HTTP, IMAP, POP3, and SMTP server and port numbers

Last update 11 April 2015