
TrojanDropper:Win32/Sirefef.B


First posted on 20 October 2019.
Source: Microsoft

Aliases:

TrojanDropper:Win32/Sirefef.B is also known as Dropper/Smiscer.79360.B, W32/Dropper.AYXZ, W32/Obfuscated.T, Trojan.DR.Smiscer!DcK/dp3l7Dg, Trojan horse Crypt.NSQ, TR/Drop.Smiscer.HF.1, Trojan.Generic.IS.439387, Win32/Sirefef.Z, BackDoor.Maxplus.6, Win32/Sirefef.P, Trojan-Dropper.Win32.Smiscer, Trojan-Dropper.Win32.Smiscer.hf, Trj/Dropper.WF, Trojan.Win32.Generic.51F92A9D, Mal/EncPk-NL, and others.

Explanation:

TrojanDropper:Win32/Sirefef.B is a trojan that drops Win32/Sirefef, a multi-component family.

When executed, TrojanDropper:Win32/Sirefef.B attempts to replace a randomly selected system driver. It may, however, avoid the following drivers:

win32k.sys
ndis.sys

The replaced driver may be detected as Virus:Win32/Sirefef.I, and will be loaded by TrojanDropper:Win32/Sirefef.B.

It also drops two other Win32/Sirefef components, which may be detected as Trojan:Win32/Sirefef.C and Trojan:WinNT/Sirefef.C. These dropped components may not be present in the affected system as plain files; instead, they reside in a volume created by TrojanDropper:Win32/Sirefef.B.

TrojanDropper:Win32/Sirefef.B may also contact the server 85.17.239.212 to report infection statistics.

Analysis by Chun Feng

Last update 20 October 2019
