Class: Trojan-Clicker
Programs classified as Trojan-Clicker are designed to access Internet resources (usually web pages). This is done either by sending appropriate commands to the browser or by replacing system files that provide “standard” addresses for Internet resources (such as the Windows hosts file). A malicious user may use Trojan-Clicker programs to: increase the number of visits to certain sites in order to boost the number of hits for online ads conduct a DoS (Denial of Service) attack on a particular server lead potential victims to viruses or Trojans.Read more
Platform: MSIL
The Common Intermediate Language (formerly known as Microsoft Intermediate Language, or MSIL) is an intermediate language developed by Microsoft for the .NET Framework. CIL code is generated by all Microsoft .NET compilers in Microsoft Visual Studio (Visual Basic .NET, Visual C++, Visual C#, and others).Family: Trojan.Win32.Small
No family descriptionExamples
281467421E9F2ABB90F26E87BFE6AC7B854DB03F6CBAFC138A285425108EFAE7
422ADA8F086C0CA9204DAFC2E3F34E2E
4D5EF2B1B1B01679BC34154EF0044267
6E9BFE8C563331454B1A5D3A53DE1142
Tactics and Techniques: Mitre*
An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.
An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.
Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches (dir /a for Windows and ls –a for Linux and macOS).
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.