Win32/FakeIE [Threat Name]

Win32/FakeIE.AJ [Threat Variant Name]

Category trojan
Size 1198600 B
Detection created Jul 13, 2015
Detection database version 11933
Short description

The trojan has a simple payload. The trojan disguises itself as the Internet Explorer application.

Installation

The trojan does not create any copies of itself.


The trojan disguises itself as the Internet Explorer application.

Information stealing

The following information is collected:

  • a list of recently visited URLs

The collected information is stored in the following files:

  • %userprofile%\Cookies
  • %userprofile%\UserData

The data is saved in the following Registry key:

  • [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    • "url%number%" = "%url%"

A string with variable content is used instead of %number%.

Other information

The following Registry entries are created:

  • [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
    • "%malwarefilename%" = 1

The following Registry entry is deleted:

  • [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
    • "%malwarefilename%"
