
TrojanDownloader:Win32/Dalexis.F


First posted on 23 April 2015.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:Win32/Dalexis.F.

Explanation :

Threat behavior

Installation

This threat can be installed on your PC when you open a spam email attachment. The attachment is usually a CAB file.

We have seen spam emails that use the recipient's own email address as the name of the malicious attachment. For example, if your email address is abcd@domain.com, the attachment would be called abcd@domain.com.cab.

When the CAB file is opened it contains an SCR file with the same name (abcd@domain.com.scr in the example above). SCR is the Windows screensaver extension, but the file is an ordinary executable and runs when opened.

If you open the SCR file, the malware drops an RTF file into %TEMP% and opens it.
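The chain above is a naming lure: the recipient address, the CAB and the SCR inside it are all the same string. As an added example (not from the Microsoft write-up), the following Python reads the CFFILE directory of a cabinet straight from the MSCF header and applies that check to an attachment as a mail gateway might. The cabinet it inspects is a constructed, data-free sample built by the same script, and the function names are my own.

```python
import struct

# Added example, not from the Microsoft write-up. A minimal reader for the
# CFFILE directory of a Microsoft Cabinet (.cab) and a mail-gateway style
# check for the lure described above: a CAB named <recipient>.cab holding a
# <recipient>.scr. Function names and the sample cabinet are mine.

CFHEADER_FMT = "<4sIIIIIBBHHHHH"   # fixed 36-byte CFHEADER
CFFILE_FMT = "<IIHHHH"             # 16 bytes, followed by a NUL-terminated name
A_NAME_IS_UTF = 0x80               # CFFILE.attribs flag: name is UTF-8


def cab_file_names(data):
    """Return the member names listed in a cabinet's CFFILE entries."""
    if len(data) < struct.calcsize(CFHEADER_FMT) or data[:4] != b"MSCF":
        raise ValueError("not a cabinet file")
    (_sig, _res1, _cb_cabinet, _res2, coff_files, _res3, _ver_minor,
     _ver_major, _c_folders, c_files, _flags, _set_id, _i_cab) = \
        struct.unpack_from(CFHEADER_FMT, data, 0)
    # coffFiles points straight at the first CFFILE, so the optional
    # reserve area and the CFFOLDER entries need not be parsed.
    pos = coff_files
    names = []
    for _ in range(c_files):
        if pos + struct.calcsize(CFFILE_FMT) > len(data):
            raise ValueError("truncated CFFILE entry")
        (_cb_file, _uoff, _i_folder, _date, _time,
         attribs) = struct.unpack_from(CFFILE_FMT, data, pos)
        pos += struct.calcsize(CFFILE_FMT)
        end = data.find(b"\x00", pos)
        if end < 0:
            raise ValueError("unterminated CFFILE name")
        encoding = "utf-8" if attribs & A_NAME_IS_UTF else "latin-1"
        names.append(data[pos:end].decode(encoding, errors="replace"))
        pos = end + 1
    return names


def split_ext(name):
    """Split 'abcd@domain.com.cab' into ('abcd@domain.com', 'cab')."""
    stem, dot, ext = name.rpartition(".")
    return (stem, ext.lower()) if dot else (name, "")


def assess_attachment(recipient, attachment_name, attachment_bytes):
    """Return the reasons a CAB attachment matches the Dalexis.F lure ([] if none)."""
    reasons = []
    stem, ext = split_ext(attachment_name)
    if ext != "cab":
        return reasons
    if stem.lower() == recipient.lower():
        reasons.append("attachment named after recipient address")
    try:
        members = cab_file_names(attachment_bytes)
    except ValueError as exc:
        reasons.append("malformed cabinet: %s" % exc)
        return reasons
    for member in members:
        m_stem, m_ext = split_ext(member)
        if m_ext == "scr":   # screensaver: a PE executable by another name
            reasons.append("cabinet contains executable %s" % member)
            if m_stem.lower() == stem.lower():
                reasons.append("SCR name mirrors the attachment name")
    return reasons


def build_cab(member_names):
    """Constructed, data-free cabinet used as sample input (not a real sample)."""
    files = b"".join(struct.pack(CFFILE_FMT, 0, 0, 0, 0, 0, 0x20)
                     + name.encode("ascii") + b"\x00" for name in member_names)
    hdr_len = struct.calcsize(CFHEADER_FMT)
    folder = struct.pack("<IHH", hdr_len + 8 + len(files), 0, 0)   # one CFFOLDER, no CFDATA
    header = struct.pack(CFHEADER_FMT, b"MSCF", 0, hdr_len + 8 + len(files), 0,
                         hdr_len + 8, 0, 3, 1, 1, len(member_names), 0, 0, 0)
    return header + folder + files


if __name__ == "__main__":
    lure = build_cab(["abcd@domain.com.scr"])
    for reason in assess_attachment("abcd@domain.com", "abcd@domain.com.cab", lure):
        print(reason)
```

The reader deliberately stops at the file directory: it never decompresses CFDATA blocks, so a malformed or hostile cabinet cannot reach any decompressor through it. A real gateway would run the same check over the member list and then hand the SCR itself to a sandbox.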

Payload

Downloads other malware

This threat downloads malware from the Critroni family (ransomware also known as CTB-Locker) onto your PC.

We have seen it contact the following URLs (listed as host//path) to download other malware:

  • altervista.org//efax.jpg
  • ambiente4u.eu//efax.jpg
  • amberaffair.org.au//efax.jpg
  • bmws1vc.altervista.org//efax.jpg
  • philippineswebservices.com//efax.jpg
  • piccolochef.com//efax.jpg
  • pupillenwijhe92.nl//efax.jpg
  • samberaffair.org.au//efax.jpg
  • scalextric.hostei.com//efax.jpg
  • scottwall.com//efax.jpg
  • sintjoep.nl//efax.jpg
  • sompex.de//efax.jpg
  • stocksandstares.co.uk//efax.jpg
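All of the download locations above share one path, /efax.jpg, behind many hosts, and the write-up lists them with a doubled slash. As an added example (not from the original page), this Python matches proxy-log requests against that list after collapsing repeated slashes and lowercasing the host, so a request logged as either host//efax.jpg or host/efax.jpg is caught. The log lines are constructed, and the log format (timestamp, client, method, URL, status) is an assumption.

```python
import re
from urllib.parse import urlsplit

# Added example, not from the Microsoft write-up: match proxy-log requests
# against the Dalexis.F download locations listed above. Log format and the
# sample lines are constructed for this example.

DALEXIS_F_URLS = [
    "altervista.org//efax.jpg",
    "ambiente4u.eu//efax.jpg",
    "amberaffair.org.au//efax.jpg",
    "bmws1vc.altervista.org//efax.jpg",
    "philippineswebservices.com//efax.jpg",
    "piccolochef.com//efax.jpg",
    "pupillenwijhe92.nl//efax.jpg",
    "samberaffair.org.au//efax.jpg",
    "scalextric.hostei.com//efax.jpg",
    "scottwall.com//efax.jpg",
    "sintjoep.nl//efax.jpg",
    "sompex.de//efax.jpg",
    "stocksandstares.co.uk//efax.jpg",
]


def normalize_path(path):
    """Collapse repeated slashes so '//efax.jpg' and '/efax.jpg' compare equal."""
    return re.sub(r"/+", "/", path or "/")


def indicator_key(ioc):
    """Turn 'host//path' (as listed, no scheme) into a (host, path) tuple."""
    host, _, path = ioc.partition("/")
    return host.lower(), normalize_path("/" + path)


INDICATORS = {indicator_key(u) for u in DALEXIS_F_URLS}


def match_proxy_log(lines):
    """Return (timestamp, client, url) for each request to a listed location.

    Assumed log format: timestamp client method url status (space separated).
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, client, _method, url = fields[:4]
        parts = urlsplit(url)
        key = ((parts.hostname or "").lower(), normalize_path(parts.path))
        if key in INDICATORS:
            hits.append((ts, client, url))
    return hits


# Constructed sample: three hosts from the list, one with the doubled slash as
# listed, one with a single slash and upper-case host, one with a query string.
SAMPLE_LOG = """\
2015-04-23T10:01:02Z 10.0.0.15 GET http://sompex.de//efax.jpg 200
2015-04-23T10:01:05Z 10.0.0.15 GET http://www.example.com/index.html 200
2015-04-23T10:02:11Z 10.0.0.22 GET http://SCOTTWALL.COM/efax.jpg 404
2015-04-23T10:03:40Z 10.0.0.31 GET http://bmws1vc.altervista.org//efax.jpg?id=1 200
""".splitlines()

if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_LOG):
        print(*hit)
```

A hit with a 404 or a blocked status still matters: the request shows the downloader already ran on that client, even if the payload never arrived.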


Additional information

See the Win32/Dalexis family description for more information.



Analysis by Allan Sepillo

Symptoms

Alerts from your security software might be the only symptom.

Last update 23 April 2015

 
