Threat Database Trojans JS_EXPLT.QYUA


By JubileeX in Trojans

Threat Scorecard

Ranking: 4,722
Threat Level: 20 % (Normal)
Infected Computers: 2,039
First Seen: January 27, 2012
Last Seen: September 15, 2023
OS(es) Affected: Windows

JS_EXPLT.QYUA is a precarious Trojan which is used by HTML_EXPLT.QYUA to exploit a recently and publicly disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to deal with a specially crafted MIDI file and finally enables remote attackers to execute arbitrary code. HTML_EXPLT.QYUA is a malicious HTML which has been found hosted on the web page hxxp://images.{BLOCKED} HTML_EXPLT.QYUA exploits the vulnerability by using two components that are also hosted on the same web page. A JavaScript JS_EXPLT.QYU is one of the two detected files. The other one is a MIDI file detected as TROJ_MDIEXP.QYUA. HTML_EXPLT.QYUA calls TROJ_MDIEXP.QYUA to trigger the exploit, and uses JS_EXPLT.QYUA to decode the shellcode embedded in the body of HTML_EXPLT.QYUA's.


JS_EXPLT.QYUA may call the following URLs:


Most Viewed