Description of the Trojan.Win32.Oficla.w sample

This is a rather special type of malicious program, with a mechanism and mode of operation that differ from previously known models. It can perform many destructive actions, such as deleting, blocking access to, editing or copying users' data, and disrupting network access and other functions on the same system. We can therefore consider it a very versatile Trojan variant; understandably, it is compiled from many other Trojans.

Trojan.Win32.Oficla.w, as categorized and named by Kaspersky, is also known by the following names:

- Trojan.Win32.Agent.duxv (detected by Kaspersky Lab)
- Trojan: SpyAgent-br.dll (McAfee)
- Mal/Oficla-A (Sophos)
- Trj/Sinowal.WZZ (Panda)
- Trojan:Win32/Oficla.M (MS (OneCare))
- Trojan.Oficla.38 (DrWeb)
- Win32/Oficla.GN trojan (Nod32)
- Trojan.Oficla.S (BitDef7)
- Win32:Rootkit-gen [Rtk] (AVAST)
- Trojan.Win32.Oficla (Ikarus)
- Generic17.CFKT (AVG)
- TR/Spy.Inject.L (AVIRA)
- Trojan.Sasfis (NAV)
- W32/Oficla.FJ (Norman)
- Trojan.Win32.Generic.5205573B (Rising)
- Trojan.Win32.Oficla.w [AVP] (FSecure)
- TROJ_DLOADR.SMVE (TrendMicro)
- Trojan.Win32.Sasfis.a (v) (Sunbelt)

Trojan.Win32.Oficla.w was first detected on April 26, 2010 at 21:24 GMT, became active one day later, on April 27, 2010 at 3:50 GMT, and the analysis was published on 07/07/2010 at 11:08 GMT.

Detailed technical analysis

Like other Trojan programs, it has a mechanism to automatically download and activate other malware once it has successfully compromised the victim's computer. When launched, the Trojan extracts and creates a Windows system file (*.dll) in the system directory, in the form %system%\thxr.wgo. To be activated together with Windows at startup, it also creates the following key in the Registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "Explorer.exe rundll32.exe thxr.wgo nwfdtx"

Payload process

When the installation is successful, the program will contact the main server:

http:///hu*********.ru /images/bb.php

There it receives commands with the following parameters:

- "runurl": download files from the specified links to the temporary directory %temp% and activate them.

- "taskid": specify the number of fixed tasks.

- "delay": specify the servers that were contacted.

- "backurls": a list of addresses of supporting servers that the malicious program will connect to later. All of these addresses are stored in the key:

[HKLM\SOFTWARE\Classes\idid]
"reporturls"

After this command makes the connection to the server, the Trojan continues to receive control commands from other servers.

Therefore, it can continuously download and install different types of malware on the victim's computer. At the time of this article, all the commands it receives point to the following single file:

http:///russ**nmomds.ru/dogma.exe

On the other hand, hackers can use these programs to change and reconfigure the malicious programs that will be used next on other servers.
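The two registry traces described above (the modified Winlogon "Shell" value and the "reporturls" value under the idid key) can be checked in `reg query` output collected from a host. The following is an added example, not code from the original analysis; the sample text is constructed, the reporturls data is a placeholder, and treating "reporturls" as a value name and any Shell data other than explorer.exe as a deviation are assumptions.

```python
import re

# Constructed `reg query` output; the Shell data is the value quoted on this page,
# the reporturls data is a placeholder.
INFECTED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe rundll32.exe thxr.wgo nwfdtx
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\idid
    reporturls    REG_SZ    http://c2.example.invalid/
"""
CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
"""

VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+([^\s,]+)", re.I)

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1).lower(), m.group(3).strip()

def audit(text):
    """Return (finding, evidence) pairs for the two registry traces described."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if key.endswith(r"\currentversion\winlogon") and name == "shell":
            # Assumption: the host uses the stock shell, so the data is just explorer.exe.
            if data.lower() != "explorer.exe":
                findings.append(("winlogon-shell-modified", data))
            # rundll32 pointed at a module without a .dll extension, as with thxr.wgo.
            for module in RUNDLL_RE.findall(data):
                if not module.lower().endswith(".dll"):
                    findings.append(("rundll32-non-dll-module", module))
        elif key.endswith(r"\software\classes\idid") and name == "reporturls":
            findings.append(("reporturls-value-present", data))
    return findings

if __name__ == "__main__":
    for finding in audit(INFECTED):
        print(finding)
```

Hosts that legitimately replace the shell (kiosk setups, for example) will trip the first check and need an allowlist.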
