JS_DLOADER.SMGA
JS_DLOADER.SMGA is a JavaScript Trojan that exploits CVE-2012-1875, a vulnerability in Internet Explorer that is addressed in the MS12-037 bulletin, (MS12-037) Cumulative Security Update for Internet Explorer (2699988). The vulnerability is used to drop possibly infectious files: when JS_DLOADER.SMGA exploits it, it drops and runs infected files on the affected PC. JS_DLOADER.SMGA can spread via insecure remote websites, and it also compromises particular websites in order to distribute malicious files. JS_DLOADER.SMGA can distribute another malware infection, a backdoor Trojan detected as BKDR_AGENT.BCSG.

Unlike exploit document files, JS_DLOADER.SMGA uses a simple script to collect the operating system version and language used on the targeted PC. When JS_DLOADER.SMGA exploits CVE-2012-1875, it runs a heap spray to execute a specific shellcode. Even when JS_DLOADER.SMGA successfully exploits CVE-2012-1875, its code cannot jump to the sprayed heap because of Data Execution Prevention (DEP) in affected programs such as IE8 and IE9. To evade DEP, the exploit uses the return-oriented programming (ROP) method together with a check of the system environment, such as the operating system and language. JS_DLOADER.SMGA uses a specific script to recognize the modules loaded in memory, which sit at different addresses depending on the operating system and language. Then, depending on the confirmed system information, JS_DLOADER.SMGA creates a specific ROP code.
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | %User Temp%\log.gif | | |
2. | file.html | e05a487dd056046a345632d734737f5e | 0 |
3. | nav.html | d0f88e2cc744093fe25479a2c964e2fe | 0 |
4. | ver1.html | 085933ac6c62181a9fcbbc6e2a2f5bde | 0 |

Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
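A triage sketch for defenders, added here as an example (not code from the original page or from any vendor): it checks an HTML file against the three MD5 values in the File System Details table and flags the pairing the description highlights, OS/language fingerprinting combined with heap-spray string building. The regex indicators, the `triage` function and both sample pages are assumptions constructed for illustration, not taken from the actual sample.

```python
import hashlib
import re
# MD5 values from this page's File System Details table.
KNOWN_MD5 = {
    "e05a487dd056046a345632d734737f5e": "file.html",
    "d0f88e2cc744093fe25479a2c964e2fe": "nav.html",
    "085933ac6c62181a9fcbbc6e2a2f5bde": "ver1.html",
}
# Heuristic indicators: assumptions for this example, not extracted from the sample.
FINGERPRINT = {
    "os_version": re.compile(r"navigator\.(userAgent|appVersion|platform)", re.I),
    "language": re.compile(r"navigator\.(systemLanguage|browserLanguage|userLanguage|language)", re.I),
}
SPRAY = {
    # unescape() fed a run of %uXXXX escapes (binary data built as a string)
    "unicode_unescape": re.compile(r"unescape\(\s*[\"'](?:%u[0-9a-f]{4}){2,}", re.I),
    # a string doubled against itself until it reaches a target length
    "string_doubling": re.compile(
        r"while\s*\([^)]*\.length\s*<[^)]*\)\s*\{?\s*(\w+)\s*\+=\s*\1\b", re.I),
}

def triage(data: bytes, known=KNOWN_MD5) -> dict:
    """Classify one HTML/JS file: known-ioc, suspicious, review or clean."""
    text = data.decode("utf-8", errors="replace")
    md5 = hashlib.md5(data).hexdigest()
    fp = sorted(k for k, rx in FINGERPRINT.items() if rx.search(text))
    spray = sorted(k for k, rx in SPRAY.items() if rx.search(text))
    if md5 in known:
        verdict = "known-ioc"
    elif spray and len(fp) == len(FINGERPRINT):
        verdict = "suspicious"   # fingerprinting plus spray, the pairing described above
    elif spray:
        verdict = "review"
    else:
        verdict = "clean"        # fingerprinting alone is common on benign pages
    return {"md5": md5, "fingerprint": fp, "spray": spray, "verdict": verdict}

# Constructed samples (inert; no exploit trigger or payload).
SAMPLE_FLAGGED = b"""<script>
var ua = navigator.userAgent, lang = navigator.systemLanguage;
var block = unescape("%u4141%u4141");
while (block.length < 0x40000) block += block;
</script>"""
SAMPLE_BENIGN = b"""<script>
document.title = navigator.language + " " + navigator.userAgent;
</script>"""
if __name__ == "__main__":
    for name, page in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, triage(page))
```

A hash match is decisive only for byte-identical copies of the listed files; the behavioural verdicts are leads for manual review, since obfuscated scripts can hide both indicators.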