Packed.Generic.402


By Domesticus in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 11
First Seen: April 18, 2013
Last Seen: January 10, 2022
OS(es) Affected: Windows

Packed.Generic.402 has been used in various social engineering scams that take advantage of trending news in order to entice inexperienced computer users into clicking on malicious links contained in spam email messages. Packed.Generic.402 in particular has attracted attention because of the callous nature of its attacks: criminals are capitalizing on the widespread panic and uncertainty that followed the Boston Marathon bombing. Only a few hours after the attack, spam email messages with subject lines related to the incident started to appear in computer users' inboxes. These spam email messages appear to originate in Latvia and Ukraine.

About twenty percent of all spam email sent in the few days after the incident in Boston contained subject lines referencing the event in some way. Taking advantage of trending news stories is not a new tactic; in recent years every major news story, from the election of a new pope to the death of Michael Jackson to the release of a new iPhone version, has been accompanied by a spam email campaign counting on computer users opening unsolicited email messages. PC security researchers strongly advise against getting news from unsolicited email messages; computer users should rely on reputable media outlets instead of opening unsolicited email messages from dubious sources.

The Infection Process Used by Packed.Generic.402

Once the victim clicks on the embedded link in the malicious email message, it leads to a website containing what appears to be a YouTube video. While the video plays a news story related to the Boston Marathon bombing (or to whatever trending news story is being used to distribute Packed.Generic.402), an exploit kit executes malicious code on the victim's computer by taking advantage of vulnerabilities in the victim's web browser, applications or operating system. The exploit kit most commonly associated with Packed.Generic.402 attacks is the RedKit Exploit Kit. If the malicious code executes successfully, Packed.Generic.402 installs its malicious files on the victim's computer and makes dangerous changes to the infected computer's settings. Packed.Generic.402 is a password-stealing Trojan that can be used to steal passwords and login information for online accounts, banking information and other sensitive data from the infected computer.


14 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Ikarus Virus.Agent
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.E
AntiVir TR/Waledac.EB.2
DrWeb BackDoor.SlymENT.1498
Kaspersky HEUR:Trojan.Win32.Generic
AVG Generic_s.BBL
Fortinet W32/Kryptik.X!tr
AhnLab-V3 Trojan/Win32.Tepfer
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B
DrWeb Trojan.Fakealert.37412
Kaspersky Trojan.Win32.FakeAV.qxph
Avast Win32:FakeAV-ENP [Trj]
Symantec Packed.Generic.402
McAfee Generic-FAGQ!38A5233318B2


File System Details

Packed.Generic.402 creates the following file(s):
# File Name MD5 Detections
1. B02E87CE3C0D42810000B02DD7A74966.exe 38a5233318b2fb611b6fd1095e58b75a 9
2. temp13.exe 9761e53715897183f7e5d3ecb009630d 1
3. boston.avi_______.exe N/A
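An added triage example, not from the page or its author, showing how a defender can use the file names and MD5s listed above: it flags a file whose hash matches the listed samples, a name like boston.avi_______.exe where a media extension is padded in front of the real .exe, and a PE image hiding behind a non-executable name. The regular expression, the extension lists and the sample bytes are constructed assumptions, not details from the page.

```python
import hashlib
import re

# MD5s listed on this page for files dropped by Packed.Generic.402.
KNOWN_BAD_MD5 = {
    "38a5233318b2fb611b6fd1095e58b75a": "B02E87CE3C0D42810000B02DD7A74966.exe",
    "9761e53715897183f7e5d3ecb009630d": "temp13.exe",
}

# Double-extension disguise (assumed generalisation of boston.avi_______.exe):
# a media/document extension, optional padding, then a real executable
# extension. Padding pushes ".exe" out of view in narrow file-name columns,
# so the victim sees what looks like a video file.
DOUBLE_EXTENSION = re.compile(
    r"\.(avi|mp4|wmv|mpg|mov|jpg|jpeg|png|gif|pdf|doc|txt)"
    r"[ _\-]*"
    r"\.(exe|scr|com|pif|bat|cmd)$",
    re.IGNORECASE,
)

EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll")


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def classify_file(name: str, data: bytes, known=KNOWN_BAD_MD5) -> list:
    """Return the reasons a dropped or downloaded file looks suspicious.
    An empty list only means these three checks did not match: a repacked
    sample changes its hash but not its behaviour."""
    reasons = []
    digest = md5_hex(data)
    if digest in known:
        reasons.append(f"md5 matches known sample {known[digest]}")
    if DOUBLE_EXTENSION.search(name):
        reasons.append("media extension in front of executable extension")
    # A PE image (DOS "MZ" stub) behind a non-executable name is another disguise.
    if data[:2] == b"MZ" and not name.lower().endswith(EXECUTABLE_EXTENSIONS):
        reasons.append("PE header (MZ) but non-executable extension")
    return reasons


if __name__ == "__main__":
    # Constructed sample bytes; the real samples' contents are not on this page.
    for fname in ("boston.avi_______.exe", "holiday.jpg", "setup.exe"):
        print(fname, classify_file(fname, b"MZ\x90\x00constructed"))
```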

