SecurityHome.eu Trojan:JS/Reveton.A

Home / malware PDF

Trojan:JS/Reveton.A

First posted on 25 January 2013.
Source: Microsoft
Aliases :
There are no other names known for Trojan:JS/Reveton.A.
Explanation :

Trojan:JS/Reveton.A is a JavaScript file that is dropped by variants of Trojan:Win32/Reveton, and is used as part of the their installation process.

The JavaScript is commonly dropped by Trojan:Win32/Reveton in the "%ALLUSERSPROFILE%\Application Data" folder with a file name that is the reverse of the name of its dropper, for example:

If the Trojan:Win32/Reveton dropper uses the file name "malware.dll", the JavaScript will be created as "%ALLUSERSPROFILE%\Application Data\erawlam.js".

The malicious JavaScript's only function is to use the legitimate system file "rundll32.exe" to launch the Trojan:Win32/Reveton dropper component.

For more information regarding Trojan:Win32/Reveton, please refer to the family description.

Analysis by Amir Fouda

Last update 25 January 2013

TOP

Malware :

Last 20

Family:

Trojan:JS/Reveton.A