WiryJMPer Dropper

WiryJMPer Dropper Description

Cybersecurity experts have detected a new Trojan dropper in the wild. It goes by the name ‘WiryJMPer’ and, so far, it has been used to deliver one particular malware strain, the NetWire RAT. The purpose of a Trojan dropper is to deliver an embedded payload and to help it evade sandboxes and anti-virus engines. Malware developers use a wide range of tricks to increase their Trojan dropper’s odds of beating the security tools their target may use. In the case of the WiryJMPer Dropper, the corrupted file is loaded with junk code, as well as with useless functions that iterate through random sections of the code without doing anything meaningful.

A Basic Dropper Being Used to Deliver a Threatening Remote Access Tool

Although the WiryJMPer Dropper managed to stay hidden from malware researchers for at least a few months, the verdict is that it is certainly not a state-of-the-art Trojan. It packs very basic code obfuscation techniques and also applies some social engineering tricks to reduce the victim’s interaction with the software. Currently, the only users infected by the WiryJMPer Dropper and the payload it brings are likely to be users of the ABBC Coin Wallet. This is a legitimate tool, and it will work just fine if you download it from an official and trustworthy source. However, the authors of the WiryJMPer Dropper are hosting bogus copies of the ABBC Coin Wallet that serve as a host for the Trojan dropper. It is safe to assume that the WiryJMPer Dropper is currently targeted at crypto-currency users.

Crypto-Currency Investors are the Current Targets of the WiryJMPer Dropper

If users end up executing the fake ABBC Coin Wallet installer on their computers, they may immediately see several program windows flash by in quick succession. It is not known whether this is intended, but you can rest assured that it will not happen if you run an unaltered copy of the ABBC Coin Wallet. The fake installer will then proceed to launch the legitimate ABBC Coin Wallet installer, but it will also begin loading the NetWire RAT files in the background. During this period, it will also check for the presence of certain strings, processes, and Registry entries associated with various virtual machine software and anti-virus engines. If the Trojan dropper does not detect a sandbox environment or the presence of malware analysis tools, it will proceed to drop the NetWire RAT’s files to ‘%APPDATA%’ and then place an ‘.LNK’ file in the Startup folder to gain persistence.
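The drop-then-persist sequence described above can be hunted for in file-creation telemetry. The following is an added example, not code from the original page: it assumes Sysmon Event ID 11-style records, and the sample events, file names, GUIDs and extension list are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Path fragments are compared lower-cased; the per-user Startup folder itself
# sits under AppData\Roaming, so it must be checked before the payload rule.
STARTUP = "\\start menu\\programs\\startup\\"
ROAMING = "\\appdata\\roaming\\"
PAYLOAD_EXTS = {".exe", ".dll", ".scr"}  # assumption: tune to your environment

# Constructed Sysmon Event ID 11 (FileCreate) style records; all values are made up.
SAMPLE_EVENTS = [
    {"ProcessGuid": "{constructed-0001}", "Image": r"C:\Users\bob\Downloads\wallet-setup.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Roaming\svc\helper.exe"},
    {"ProcessGuid": "{constructed-0001}", "Image": r"C:\Users\bob\Downloads\wallet-setup.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.lnk"},
    # Benign: a program installed elsewhere adds only a Startup shortcut.
    {"ProcessGuid": "{constructed-0002}", "Image": r"C:\Program Files\Chat\update.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chat.lnk"},
    # Benign: an application writes a plugin to %APPDATA% but never touches Startup.
    {"ProcessGuid": "{constructed-0003}", "Image": r"C:\Program Files\Editor\editor.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Roaming\Editor\plugin.dll"},
]

def classify(target_filename):
    """Label a created file as a Startup shortcut, an %APPDATA% payload, or None."""
    path = ntpath.normpath(target_filename).lower()
    ext = ntpath.splitext(path)[1]
    if STARTUP in path:
        return "startup_lnk" if ext == ".lnk" else None
    if ROAMING in path and ext in PAYLOAD_EXTS:
        return "appdata_payload"
    return None

def find_drop_and_persist(events):
    """Return processes that created BOTH an %APPDATA% payload and a Startup .lnk."""
    seen = defaultdict(lambda: {"image": None, "startup_lnk": [], "appdata_payload": []})
    for ev in events:
        kind = classify(ev["TargetFilename"])
        if kind:
            seen[ev["ProcessGuid"]]["image"] = ev["Image"]
            seen[ev["ProcessGuid"]][kind].append(ev["TargetFilename"])
    return [{"ProcessGuid": guid, **info} for guid, info in seen.items()
            if info["startup_lnk"] and info["appdata_payload"]]

if __name__ == "__main__":
    for hit in find_drop_and_persist(SAMPLE_EVENTS):
        print(hit["image"], "->", hit["appdata_payload"], "+", hit["startup_lnk"])
```

Correlating on a single ProcessGuid assumes the same process writes both files; if the writes are split across child processes, join on the parent process first.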

It is likely that the WiryJMPer Dropper will be used in future campaigns that may rely on a different malware strain. At the moment, it is recommended to protect yourself from this threat by using a state-of-the-art anti-virus software suite, as well as by not downloading files from non-trustworthy sources.
