
TrojanDropper:Win32/Swisyn


First posted on 03 April 2012.
Source: Microsoft

Aliases:

There are no other names known for TrojanDropper:Win32/Swisyn.

Explanation:

TrojanDropper:Win32/Swisyn is a family of trojans that drops and executes arbitrary files on an infected computer. The dropped files may be potentially unwanted or malicious programs.


Dropped malware files may be embedded as resource files, often bundled with legitimate files in order to avoid being noticed by target users.



Installation

TrojanDropper:Win32/Swisyn may be installed by other malware.



Payload

Drops other malware

TrojanDropper:Win32/Swisyn drops component files; in the wild, we have observed the trojan dropping the following component files in the %AppData% folder:

  • appdata.dll - detected as TrojanSpy:Win32/Talsab.A
  • dllhost.exe - detected as TrojanSpy:Win32/Talsab.A
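
An added triage example, not part of the Microsoft write-up: it flags file-creation events whose target is one of the two component names above written directly into %AppData%. The event fields, sample events and function names are constructed for illustration.

```python
import ntpath
import re

# Component file names the write-up reports being dropped in %AppData%.
DROPPED_NAMES = {"appdata.dll", "dllhost.exe"}

# %AppData% is <drive>:\Users\<user>\AppData\Roaming on Vista and later and
# <drive>:\Documents and Settings\<user>\Application Data on Windows XP.
APPDATA_ROOT = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\roaming"
    r"|documents and settings\\[^\\]+\\application data)$",
    re.IGNORECASE,
)


def is_reported_drop_path(path):
    """True if `path` is a reported component name directly inside %AppData%."""
    directory, name = ntpath.split(ntpath.normpath(path))
    return name.lower() in DROPPED_NAMES and bool(APPDATA_ROOT.match(directory))


def triage(events):
    """Return the events (dicts with a 'target' path) worth an analyst's look."""
    return [e for e in events if is_reported_drop_path(e["target"])]


# Constructed file-creation events; the field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "ws01", "target": r"C:\Users\alice\AppData\Roaming\dllhost.exe"},
    {"host": "ws01", "target": r"c:\users\alice\appdata\roaming\APPDATA.DLL"},
    # The genuine COM Surrogate binary lives here, so the name alone is not a hit.
    {"host": "ws02", "target": r"C:\Windows\System32\dllhost.exe"},
    {"host": "ws03", "target": r"C:\Users\bob\AppData\Roaming\Vendor\settings.dll"},
    {"host": "ws04",
     "target": r"C:\Documents and Settings\carol\Application Data\dllhost.exe"},
]

if __name__ == "__main__":
    for event in triage(SAMPLE_EVENTS):
        print(event["host"], event["target"])
```

A hit is a lead for analysis, not a verdict: the match is on file name and location only.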


The component files may be used to:

  • Report a successful installation to a remote site (for example, <remote site>\1stemail.php)
  • Register malicious DLLs on the infected computer
  • Perform a clean-up routine for some dropped files
  • Install application hooks on the infected computer


TrojanDropper:Win32/Swisyn has also been observed dropping the following malware:

  • Backdoor:Win32/Bifrose.HM
  • Backdoor:Win32/Farfli.K
  • Backdoor:Win32/Fynloski.A
  • Backdoor:Win32/Hupigon.gen!H
  • Backdoor:Win32/Hupigon.CK
  • Backdoor:Win32/Morix.B
  • Backdoor:Win32/PcClient.CM
  • Backdoor:Win32/Zegost.L
  • VirTool:Win32/DelfInject.gen!AF




Analysis by Zarestel Ferrer

Last update 03 April 2012

 
