
Trojan.Exploit.ANOP

MEDIUM
MEDIUM
approx. 2 KB
Aliases: TrojanDownloader:Win32/Small.gen!B, HTML/Silly.Gen, Downloader.Psyme.dh

Symptoms

There are no obvious signs until the attacker manages to infiltrate the system (the final downloaded malware varies).

Removal instructions:

Set the kill bit for the CLSID 7F5E27CE-4A5C-11D3-9232-0000B48A05B2.

You can find information about setting a kill bit here.

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

This is another campaign that uses a chain of exploits (similar to Trojan.Exploit.SSX) and tries to download and execute other malware on the affected computer, using a different exploit for each of several vulnerable applications.
Here we see the usual technique of taking whichever exploits are available and putting them to work on a website owned by the malware distributors. Some of the exploits found on the website [removed].teseku.info:
  1. iframes leading to exploits for Flash Player, which try to download another piece of malware (Trojan.Delf.POH).
  2. an exploit for SSReader, a buffer overflow vulnerability in the "LoadPage" function of an ActiveX control with the CLSID 7F5E27CE-4A5C-11D3-9232-0000B48A05B2. With a specially crafted parameter to that function, arbitrary code can be executed. This exploit downloads the same malware mentioned above.