
TrojanDownloader:ASX/Wimad.BB


First posted on 17 September 2019.
Source: Microsoft

Aliases :

TrojanDownloader:ASX/Wimad.BB is also known as Trojan-Downloader.WMA.GetCodec.ab, ASF/Wimad!generic.

Explanation :

TrojanDownloader:ASX/Wimad is a detection for malicious Windows media files that are used to encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser.

TrojanDownloader:ASX/Wimad.BB is a malicious Advanced Streaming Format (ASF) file which, when opened by Windows Media Player, urges a user to download and execute an arbitrary file. In the wild, files detected as TrojanDownloader:ASX/Wimad.BB have been observed being distributed with file extensions such as .MP3, .ASF, .WMA and .ASX. The file names used have been varied and enticing.

At the time of writing, Wimad.BB contacts 193.138.172.14 and attempts to download a file named mp3_codec_update.exe. At the time of writing, the file was unavailable.

We strongly suggest that users avoid downloading and executing any files when prompted by Windows Media Player upon opening streaming format files.
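A triage check for the pattern described above, as an added example that is not part of the original Microsoft entry: it flags files whose content is an ASF container but whose extension (such as .MP3) says otherwise, and lists any URLs stored in the file as plain text. The function names, the extension list and the sample bytes are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C, in on-disk byte order.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# Extensions normally used for ASF containers; .mp3 and .asx are not among them.
ASF_EXTENSIONS = {".asf", ".wma", ".wmv"}

# Strings inside an ASF file may be ASCII or UTF-16LE, so look for URLs in both.
URL_ASCII = re.compile(rb'https?://[^\x00-\x20\x7f-\xff"<>]{4,200}')
URL_UTF16 = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")


def is_asf(data: bytes) -> bool:
    """True when the content starts with the ASF Header Object GUID."""
    return data[:16] == ASF_HEADER_GUID


def embedded_urls(data: bytes) -> list[str]:
    """Return every distinct URL stored as plain text in the file."""
    urls = {m.group().decode("ascii") for m in URL_ASCII.finditer(data)}
    urls |= {m.group().decode("utf-16-le") for m in URL_UTF16.finditer(data)}
    return sorted(urls)


def triage(name: str, data: bytes) -> dict:
    """Classify one file by content, not by its extension."""
    asf = is_asf(data)
    mismatch = asf and Path(name).suffix.lower() not in ASF_EXTENSIONS
    return {"file": name, "is_asf": asf, "extension_mismatch": mismatch,
            "urls": embedded_urls(data) if asf else []}


# Constructed sample: ASF header GUID, a dummy 8-byte size, and a UTF-16LE URL.
SAMPLE = (ASF_HEADER_GUID + (64).to_bytes(8, "little")
          + "http://example.invalid/codec".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for arg in sys.argv[1:]:
            print(triage(arg, Path(arg).read_bytes()))
    else:
        print(triage("song.mp3", SAMPLE))
```

A file reported with `extension_mismatch` set and a non-empty `urls` list is a candidate for closer inspection, not a confirmed detection.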

Analysis by Oleg Petrovsky

Last update 17 September 2019

 
