Trojan horse Dropper.Generic6.AOLY

By Domesticus in Trojans

Trojan horse Dropper.Generic6.AOLY is a Trojan that affects VMware virtual machines and Windows Mobile devices. It propagates via exploits and infected websites and is downloaded by a JAR package. Trojan horse Dropper.Generic6.AOLY has two versions, one for Windows and one for Mac. To infect vmdk files, Trojan horse Dropper.Generic6.AOLY reads the 'preferences.ini' file in the VMware installation directory and searches it for the string '.vmx\' to obtain the path of the vmx file, which is the configuration file of a virtual machine. It then opens the vmx file and extracts the path of the vmdk file (VMware Virtual Machine Disk Format), which is the virtual disk of that virtual machine. Once the vmdk file has been located, Trojan horse Dropper.Generic6.AOLY infects it.

Trojan horse Dropper.Generic6.AOLY also infects Windows Mobile devices. The process of infecting a Windows Mobile phone is much like the one used against the virtualization software: files are downloaded and copied into the targeted directory. If the file 'autorun.zoo' already exists in the phone's directory, the phone has already been infected and Trojan horse Dropper.Generic6.AOLY does nothing. Otherwise, Trojan horse Dropper.Generic6.AOLY copies the original 'autorun.exe' to 'autorun4.exe' and downloads a new 'autorun.exe' and an 'autorun.zoo' into the same directory. It then uses the RAPI (Remote API) function 'CeCreateProcess' to execute 'autorun.exe', so that a malicious process is now running on the phone. Trojan horse Dropper.Generic6.AOLY also infects removable devices by downloading 'autorun.inf' into their root directory. Once running, Trojan horse Dropper.Generic6.AOLY can control all of the victim's operations, including keylogging, controlling the screen and camera, accessing the clipboard, and monitoring IM applications such as MSN and Yahoo Messenger. The malicious JAR package is detected as Trojan horse Dropper.Generic6.AOLY.

File System Details

Trojan horse Dropper.Generic6.AOLY may create the following file(s):

#   File Name     Detections
1.  autorun.exe
2.  autorun.inf
3.  autorun.zoo
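As an added defender-side example (not part of this database entry), the following Python scan looks for the file pattern described above: the 'autorun.zoo' marker, an 'autorun4.exe' backup sitting next to a replaced 'autorun.exe', and an 'autorun.inf' in the root of a mounted device. The function names and the constructed sample directory layout are assumptions, and an 'autorun.inf' in a root directory is only a weak signal on its own.

```python
import os
import tempfile


def scan_for_indicators(root):
    """Walk `root` and report directories showing the dropper's file pattern.

    Findings per directory (relative path -> list of hits):
      'marker'  : autorun.zoo present (the dropper's own infection marker)
      'backup'  : autorun4.exe next to autorun.exe (renamed original + replacement)
      'autorun' : autorun.inf in the scanned root (removable-media spreading;
                  weak on its own, many legitimate media carry one)
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        hits = []
        if "autorun.zoo" in names:
            hits.append("marker")
        if "autorun4.exe" in names and "autorun.exe" in names:
            hits.append("backup")
        if dirpath == root and "autorun.inf" in names:
            hits.append("autorun")
        if hits:
            findings[os.path.relpath(dirpath, root)] = hits
    return findings


def build_sample_tree(base):
    """Create a constructed sample layout (empty files, not real malware):
    one directory matching the pattern and one clean directory."""
    infected = os.path.join(base, "device_a")
    clean = os.path.join(base, "device_b")
    os.makedirs(infected)
    os.makedirs(clean)
    for name in ("autorun.exe", "autorun4.exe", "autorun.zoo"):
        open(os.path.join(infected, name), "wb").close()
    open(os.path.join(base, "autorun.inf"), "wb").close()
    open(os.path.join(clean, "autorun.exe"), "wb").close()  # clean: no marker, no backup


def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        return scan_for_indicators(base)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, "->", ", ".join(hits))
```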
