Trojan.Foxhiex

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 79
First Seen: January 24, 2018
Last Seen: February 4, 2022
OS(es) Affected: Windows

Trojan.Foxhiex is a general detection name that cybersecurity vendors use for a Trojan distributed via malvertising (corrupted ads). Attackers associated with Foxhiex have been observed using advertisements published on sites with pornographic content to redirect users to unsafe URLs. Loading the bad links triggers the download of an encrypted file along with a JS file, which decrypts the threat payload and loads it into system memory. Cybercrooks use Trojan.Foxhiex to send waves of spam emails and to facilitate the distribution of other threats.

PC users infected with Trojan.Foxhiex may not notice its presence, because the threat requires minimal system resources to run and does not slow down the machine. Experienced network experts might spot the Foxhiex Trojan, since the threat makes multiple connections to various email services. The data sent out by the Foxhiex Trojan is relayed via the standard port 8080 using a hidden instance of Internet Explorer. Computer security researchers reported that the Foxhiex Trojan might create the following directories:

C:\Users\username\Application Data\
C:\Users\username\MetaData\
C:\Users\username\Microsoft\Crypto
C:\Users\username\datawork\

The executables that have been used by Trojan.Foxhiex include:

6239.exe
Hype Rat Beta.exe
Whilling.exe
aaaa.exe
ghetto.exe

Trojan.Foxhiex may inject code into the Windows host process svchost.exe to avoid detection. The primary executable for the Foxhiex Trojan might be stored in protected folders and guarded memory blocks on the system drive. It is recommended to remove Trojan.Foxhiex with the help of a trusted anti-malware product. AV companies use the following detection names to tag variants of the Foxhiex Trojan:

  • Backdoor.Breut
  • PWSZbot-FABL!91B6826CEFA7
  • Troj/MSIL-VZ
  • Gen:Variant.Kazy.363616
  • Troj_Foxhiex.kh
  • Trojan ( 004987c81 )
  • Trojan.Win32.Foxhiex.buq
  • Trojan/Foxhiex.aq
  • W32/Foxhiex.AEQ!tr
  • MSIL:Injector-IZ [Cryp]
  • Win.Trojan.Agent-737491
  • TROJ_GEN.R0CBC0PFJ14

File System Details

Trojan.Foxhiex may create the following file(s):

| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | file.exe | 8dc681c56027f5fb3fc3bd13568ee65c | 1 |

Registry Details

Trojan.Foxhiex may create the following registry entry or registry entries:
Regexp file mask
%APPDATA%\Microsoft Software\Windows Idle Driver\Idle Driver.exe
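
An added example (not part of the original entry or of any vendor's tool): a Python sweep of one Windows user profile for the directories, executable names, file MD5 and %APPDATA% path listed above. The low/medium/high confidence grades, the function names and the default `AppData\Roaming` location are assumptions of this example.

```python
import hashlib
import os
from pathlib import Path

# Indicators copied from the page; file names are compared case-insensitively.
EXE_NAMES = {"6239.exe", "hype rat beta.exe", "whilling.exe", "aaaa.exe", "ghetto.exe"}
# "Application Data" is also a legacy junction in ordinary Windows profiles,
# so directory hits are graded "low" (the grading is this example's assumption).
PROFILE_DIRS = [Path("Application Data"), Path("MetaData"),
                Path("Microsoft") / "Crypto", Path("datawork")]
FILE_MD5 = "8dc681c56027f5fb3fc3bd13568ee65c"
IDLE_DRIVER = Path("Microsoft Software") / "Windows Idle Driver" / "Idle Driver.exe"


def md5_of(path, chunk=1 << 20):
    """Stream a file through MD5 (used only because the page publishes an MD5)."""
    digest = hashlib.md5(usedforsecurity=False)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep_profile(profile, appdata=None, md5s=frozenset({FILE_MD5})):
    """Return sorted (confidence, indicator, path) tuples for one user profile."""
    profile = Path(profile)
    appdata = Path(appdata) if appdata else profile / "AppData" / "Roaming"
    hits = []
    for rel in PROFILE_DIRS:
        if os.path.isdir(profile / rel):
            hits.append(("low", "directory", str(profile / rel)))
    if os.path.isfile(appdata / IDLE_DRIVER):
        hits.append(("medium", "appdata-path", str(appdata / IDLE_DRIVER)))
    for root, _dirs, files in os.walk(profile):
        for name in files:
            path = Path(root) / name
            if name.lower() in EXE_NAMES:
                hits.append(("low", "file-name", str(path)))
            if name.lower().endswith(".exe"):
                try:
                    if md5_of(path) in md5s:
                        hits.append(("high", "md5", str(path)))
                except OSError:
                    continue  # locked or unreadable file: skip it, keep sweeping
    return sorted(hits)


if __name__ == "__main__":
    for hit in sweep_profile(Path.home(), os.environ.get("APPDATA")):
        print(*hit, sep="\t")
```

Only an MD5 match identifies the listed sample; name and directory hits are leads to triage, since names such as `aaaa.exe` are not unique to this threat.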
