Threat Database Trojans Mal/EncPk-AFN


By JubileeX in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 36
First Seen: January 22, 2013
Last Seen: July 24, 2020
OS(es) Affected: Windows

Mal/EncPk-AFN is a backdoor Trojan that circulates via a fake flight confirmation email supposedly coming from Lufthansa. The spam Lufthansa email message affects computer users in Germany. However, the deceptive Lufthansa flight confirmation email may also attack PC users in any other country. The subject of the fraudulent email is 'Flugdetails & Reiseinformationen'. The bogus Lufthansa email includes a malevolent file called '' attached. Mal/EncPk-AFN fools victims into clicking on the malevolent file attachment, even if they were not planning to visit any country. The attached ZIP file carries a file called 'Flugsheindetails.PDF.exe', obviously called in an effort to trick the unsuspecting PC users into thinking it is a .pdf file. If the recipient launches the application, he/she installs a harmful code onto the PC, concealing itself as 'svchost.exe' to reduce the suspicions of any computer user, who checks the list of running processes. A registry key of 'SunJavaUpdateSched' is also created. The code opens a backdoor on the victimized PC, which enables remote cybercriminals to transmit commands, and possibly steal information or install more malware infections on the corrupted PC. The .exe file is found as Mal/EncPk-AFN.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
DrWeb Trojan.PWS.Stealer.2155
Kaspersky Trojan-PSW.Win32.Tepfer.gzbd
Panda Trj/CI.A
Fortinet W32/Zbot.JNQK!tr
AntiVir TR/Spy.ZBot.jnqk
Kaspersky Trojan-Spy.Win32.Zbot.jnqk
Avast Win32:Dropper-gen [Drp]
McAfee Artemis!311ADC8C829C
Ikarus Trojan-Downloader.Win32.Andromeda
AhnLab-V3 Trojan/Win32.Graftor
DrWeb Trojan.Winlock.7938
Kaspersky Trojan-Downloader.Win32.Andromeda.qic
Avast Win32:Downloader-SKC [Trj]

SpyHunter Detects & Remove Mal/EncPk-AFN

File System Details

Mal/EncPk-AFN may create the following file(s):
# File Name MD5 Detections
1. YOUTUBE.PLAYER.exe 311adc8c829cb40feb9af61c0f32b2e3 12
2. svcnost.exe eca782c54108f78b064dfcfc073dbb36 9
3. Flugsheindetails.PDF.exe


The following messages associated with Mal/EncPk-AFN were found:

Falls Sie diese Reiseinformation nicht oder nur teilweise lesen konnen, offnen Sie bitte die angehangte PDF-Version. Bitte antworten Sie nicht auf diese E-Mail. Direkt-Antworten an den Absender konnen nicht bearbeitet werden. Um mit Lufthansa in Kontakt zu treten, rufen Sie bitte den Hilfe & Kontakt-Bereich auf auf.

Flugscheindetails & Reiseinformationen in der beigefugten Datei

* Den Passenger Receipt (Rechnungsbeleg) erhalten Sie durch einen Klick auf die Flugscheinnummer bis 30 Tage nach Reisebeginn.


Most Viewed