Trojan.Win32.FireHooker

Last updated

Trojan.Win32.FireHooker or Trojan:Win32/FireHooker is the definition (from Kaspersky Labs) of a Trojan downloader, Trojan dropper, or Trojan spy created for the Windows platform. [1] Its first known detection goes back to September, 2015, according to the AVV Trend Micro.

In computing, a Trojan horse, or Trojan, is any malicious computer program which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive wooden horse that led to the fall of the city of Troy.

A dropper is a kind of Trojan that has been designed to "install" some sort of malware to a target system. The malware code can be contained within the dropper (single-stage) in such a way as to avoid detection by virus scanners or the dropper may download the malware to the target machine once activated.

Spyware is software that aims to gather information about a person or organization, sometimes without their knowledge, that may send such information to another entity without the consumer's consent, that asserts control over a device without the consumer's knowledge, or it may send such information to another entity with the consumer's consent, through cookies.

Contents

Additional Info

This Malware requires its main component to successfully perform its intended routine as a .dll-file, by the name xul.dll. The file-size is about 5120 bytes. [2] The file is being dropped by s DNS blocking installer or additional installers bundled with DNSblockers.

Domain Name System Blocking, or DNS Blocking / Filtering is a strategy for making it difficult for users to locate specific domains or web sites on the Internet. It was first introduced in 1997 as a means to block spam email from known malicious IP addresses.

xul.dll, which is a known Mozilla Firefox DLL, loads in order to come to action the following APIs from the dll-file:

Other aliases

Avira Operations GmbH & Co. KG is a German multinational security software company mainly known for their antivirus software Avira Internet Security.

Bitdefender multinational cybersecurity technology company

Bitdefender is a Romanian cybersecurity and anti-virus software company. It was founded in 2001 by Florin Talpeș who is currently the CEO. Bitdefender develops and sells anti-virus software, internet security software, endpoint security software, and other cybersecurity products and services. Bitdefender was for many years the leading anti-virus software in the world.

ESET company

ESET is an IT security company that offers anti-virus and firewall products such as ESET NOD32. ESET is headquartered in Bratislava, Slovakia, and was awarded the recognition of the most successful Slovak company in 2008, 2009 and in 2010. It plays a significant role in overall Cybersecurity.

Related Research Articles

Antivirus software computer software to defend against malicious computer viruses

Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

FlashGet freeware download manager for Windows

FlashGet was a freeware download manager for Microsoft Windows. It was originally available in either paid or ad-supported versions, the latter of which included an Internet Explorer Browser Helper Object (BHO).

PGPCoder or GPCode is a trojan that encrypts files on the infected computer and then asks for a ransom in order to release these files, a type of behavior dubbed ransomware or cryptovirology.

CARO is an organization that was established in 1990 to research and study malware.

RavMonE, also known as RJump, is a Trojan that opens a backdoor on computers running Microsoft Windows. Once a computer is infected, the virus allows unauthorized users to gain access to the computer's contents. This poses a security risk for the infected machine's user, as the attacker can steal personal information, and use the computer as an access point into an internal network.

Storm Worm

The Storm Worm is a backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:

ContraVirus is a rogue spyware application that poses as a legitimate anti-spyware program. The application uses a false scanner to force computer users to pay for the removal of non-existent spyware items. It may also be known as ExpertAntivirus.

VirusTotal website

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google Inc. in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Alphabet Inc..

Swizzor is a trojan horse. This Trojan program is a Windows PE EXE file, 62 KB in size.

Trend Micro Internet Security

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats.

Duqu is a collection of computer malware discovered on 1 September 2011, thought to be related to the Stuxnet worm and to have been created by Unit 8200. The Laboratory of Cryptography and System Security of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.

Win32/Patched is a Computer Trojan targeting the Microsoft Windows operating system that was first detected in October 2008. Files detected as "Trojan.Win32.Patched" are usually Windows components that are patched by a malicious application. The purpose of patching varies. For example, certain malware patches system components in order to disable security, such as the Windows Safe File Check feature. Other malware can add parts of its code to a system component and then patch certain functions of the original file to point to an appended code.

Backdoor.Win32.Seed is the definition of a backdoor Trojan. Its first known detection goes back to February 7th, 2005, according to Securelist. Meanwhile, there are several variants of this malware, that do not self-replicate (Non-A.I.).

Backdoor.Win32.Hupigon is a backdoor Trojan. Its first known detection goes back to November, 2008, according to Securelist from Kaspersky Labs.

Fileless malware is a variant of computer related malicious software that exists exclusively as a computer memory-based artifact i.e. in RAM.

Trojan.WinLNK.Runner is the definition of a (backdoor) Trojan. Its first known detection so far, dates back to December 9th, 2011, according to McAfee Labs. There are several variants of this malware so far, like (i.e.) Trojan.WinLNK.Runner.ea or Trojan.WinLNK.Runner.jo, and many more. This Trojan does not self-replicate.

A Trojan:Win32/Agent is the definition or Apple of a Trojan downloader, Trojan dropper, or Trojan spy. Its first known detection goes back to January 2008, according to Microsoft Malware Protection Center.

A Trojan.WinLNK.Agent is the definition from Kaspersky Labs of a Trojan downloader, Trojan dropper, or Trojan spy.

HackTool.Win32.HackAV or not-a-virus:Keygen is the definition from Kaspersky Labs for a program designed to assist hacking. These programs often contain the signatures of potential malware, that is not dangerous by itself, but can interfere with the work on a PC, or can be used by a hacker to get some personal information from a user's computer.

Trojan.Win32.DNSChanger is the definition of multiple AV-Labs, of a (backdoor) Trojan. Due to McAfee Labs, this Malware variant was detected on April 19, 2009, though Microsoft Malware Protection Center knew about this threat since December 8, 2006.

References