Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Trojan-Dropper Java

Trojan-Dropper.Java.Xideo

Class
Trojan-Dropper
Platform
Java

Parent class: TrojWare

Trojans are malicious programs that perform actions which are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, the threats that fall into this category are unable to make copies of themselves or self-replicate. Trojans are classified according to the type of action they perform on an infected computer.

Class: Trojan-Dropper

Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers. This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.). Such programs are used by hackers to: secretly install Trojan programs and/or viruses protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.

Read more

Platform: Java

Java is a platform for developing and running programs written in the Java programming language.

Description

Technical Details

This Trojan is designed to install other Trojan programs to the victim machine without the knowledge or consent of the user. It is written in Java. The file is 42,155 bytes in size.

Payload

Once launched, the Trojan extracts the following files from itself, saves them to the Windows temporary directory, and launches them for execution:

  • xxxvideo.com (6 000 bytes, will be detected by Kaspersky Anti-Virus as Trojan.Win32.Alfora)
  • microsoft.com (15,360 bytes, will be detected by Kaspersky Anti-Virus as Trojan.Win32.Small.w)

    Removal instructions

    1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
    2. Delete xxxvideo.com and microsoft.com from the Windows temporary directory (%Temp%).
    3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

    Read more

    Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

    Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
18 April 2024
Securelist
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
17 April 2024
Securelist
SoumniBot: the new Android banker’s unique techniques
15 April 2024
Securelist
Using the LockBit builder to generate targeted ransomware
12 April 2024
Securelist
XZ backdoor story – Initial analysis
28 March 2024
Securelist
DinodasRAT Linux implant targeting entities worldwide
20 March 2024
Securelist
Android malware, Android malware and more Android malware
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.