TrojanDownloader:ASX/Wimad.DI
First posted on 08 March 2012.
Source: Microsoft
Aliases:
There are no other names known for TrojanDownloader:ASX/Wimad.DI.
Explanation:
TrojanDownloader:ASX/Wimad.DI is a specially crafted Advanced Systems Format (.ASF) file that attempts to download files to an affected computer.
Installation
TrojanDownloader:ASX/Wimad.DI may arrive on the computer as a media file, with one of the following file extensions:
- .asf
- .mp2
- .mp3
- .wma
- .wmv
Upon running the file in Windows Media Player, the trojan will connect to a URL from which it attempts to download arbitrary files.
Payload
Downloads arbitrary files
The trojan takes advantage of a DRM (Digital Rights Management) feature in order to download a file from playsong.mediasongplayer.com. At the time of analysis, the downloaded file was not available.
In the wild, we have observed the trojan connecting to the following URL to download files:
playsong.mediasongplayer.com/lt21.cgi?DlgX=700&DlgY=600
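For triage of suspect media files, the following added example (not part of the original write-up or any Microsoft tooling) checks whether a file is really ASF regardless of its extension and extracts the license-acquisition URL. It assumes the DRM feature referred to above is the License URL field of the ASF Content Encryption Object, which the page does not specify; the function names and the sample file are constructed for illustration.

```python
import struct
import uuid

# ASF object GUIDs (ASF specification); on disk they use the little-endian GUID layout.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le


def license_url(data):
    """Return the License URL of the first Content Encryption Object, or None."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return None  # not ASF, whatever the extension says
    end = min(struct.unpack_from("<Q", data, 16)[0], len(data))
    pos = 30  # GUID(16) + size(8) + object count(4) + 2 reserved bytes
    while pos + 24 <= end:
        size = struct.unpack_from("<Q", data, pos + 16)[0]
        if size < 24 or pos + size > end:
            return None  # malformed object size: stop instead of looping
        if data[pos:pos + 16] == ASF_CONTENT_ENCRYPTION:
            fields, p = [], pos + 24
            # Four length-prefixed fields: secret data, protection type, key ID, license URL
            for _ in range(4):
                if p + 4 > pos + size:
                    return None
                n = struct.unpack_from("<I", data, p)[0]
                if p + 4 + n > pos + size:
                    return None
                fields.append(data[p + 4:p + 4 + n])
                p += 4 + n
            return fields[3].rstrip(b"\x00").decode("latin-1")
        pos += size
    return None


def triage(filename, data):
    """Return (is_asf, extension_mismatch, license_url) for one file."""
    is_asf = data[:16] == ASF_HEADER
    mismatch = is_asf and filename.lower().endswith((".mp2", ".mp3"))
    return is_asf, mismatch, license_url(data) if is_asf else None


def constructed_sample():
    """Constructed minimal ASF header holding one Content Encryption Object."""
    def field(b):
        return struct.pack("<I", len(b)) + b
    body = (field(b"\x00" * 4) + field(b"DRM\x00") + field(b"kid\x00")
            + field(b"http://license.example.invalid/get\x00"))
    obj = ASF_CONTENT_ENCRYPTION + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj
```

A license URL is also present in legitimately protected media, so the result is input for URL reputation checks rather than a verdict; ASF content behind an .mp2 or .mp3 extension is the stronger signal.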
Analysis by Alden Pornasdoro
Last update 08 March 2012