Overlays and Red Herrings

The Small Trojan downloader family has recently added new hallmark traits to the latest W32 variants, specifically W32/Small.AAB!tr. This particular variant performs the following actions:

1. Malware.exe creates and executes its modified copy %Temp%\hhcbrnaff.exe via the ShellExecute API.
2. Malware.exe is deleted.
3. %Temp%\hhcbrnaff.exe creates, downloads and executes %Temp%\hhgnrddkjee.exe via the ShellExecute API.

Note: In this example, Malware.exe refers to the file name of the original ma...
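
The action sequence above can be matched in endpoint telemetry as a chain: a launcher starts an executable in Temp, the launcher's file is deleted, and the Temp executable then starts a second Temp executable. The following is an added example, not code from the original post; the event format, field order, full paths and the benign setup.exe line are assumptions constructed for illustration, and only the three file names come from the post.

```python
import ntpath
import re

# Constructed sample events: time|event|actor image|target path (not real telemetry).
# The actor of the delete is "-" because the post does not say what deletes the file.
SAMPLE_EVENTS = r"""
10:00:01|proc_create|C:\Users\a\Downloads\Malware.exe|C:\Users\a\AppData\Local\Temp\hhcbrnaff.exe
10:00:02|file_delete|-|C:\Users\a\Downloads\Malware.exe
10:00:05|file_create|C:\Users\a\AppData\Local\Temp\hhcbrnaff.exe|C:\Users\a\AppData\Local\Temp\hhgnrddkjee.exe
10:00:06|proc_create|C:\Users\a\AppData\Local\Temp\hhcbrnaff.exe|C:\Users\a\AppData\Local\Temp\hhgnrddkjee.exe
10:01:00|proc_create|C:\Windows\explorer.exe|C:\Users\a\AppData\Local\Temp\setup.exe
""".strip().splitlines()

# Assumption: %Temp% resolves to a directory literally named "Temp".
TEMP_EXE = re.compile(r"\\temp\\[^\\]+\.exe$", re.IGNORECASE)


def in_temp(path):
    return bool(TEMP_EXE.search(path))


def find_dropper_chains(lines):
    """Return (launcher, stage1, stage2) file names for each matching chain."""
    stage1 = {}      # lower-cased Temp image -> path of the launcher that started it
    deleted = set()  # lower-cased paths seen in file_delete events
    hits = []
    for line in lines:
        _time, event, actor, target = line.split("|")
        if event == "file_delete":
            deleted.add(target.lower())
        elif event == "proc_create" and in_temp(target):
            launcher = stage1.get(actor.lower())
            if launcher and launcher.lower() in deleted:
                # A Temp process whose own launcher is gone starts another Temp exe.
                chain = (launcher, actor, target)
                hits.append(tuple(ntpath.basename(p) for p in chain))
            elif not in_temp(actor):
                # First hop: something outside Temp starts an exe in Temp.
                stage1[target.lower()] = actor
    return hits


if __name__ == "__main__":
    for chain in find_dropper_chains(SAMPLE_EVENTS):
        print(" -> ".join(chain))
```

Requiring the launcher's deletion keeps ordinary installers that unpack to Temp and run from there out of the results, as the explorer.exe line shows.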
