Downloader + file virus – a new approach?

A few days ago we got another Trojan-Dropper.

When we analyzed it, we found out that it installs 4 files to the system. Nothing out of the ordinary for a dropper. But then we discovered that while one of the files it drops is detected as Trojan-Downloader.Win32.VB.jl, our scanner told us that the other three are infected with Virus.Win32.Parite.b

What’s all this about? Someone is trying to spread Parite? We’ve known about this virus for a number of years, and it’s still one of the most widespread classic file viruses found in the wild. But we haven’t seen it being deliberately spread for a long time.

The answer was simple, and unexpected. When we cleaned the virus from the infected files, we discovered that underneath the Parite infection, the files were infected with three other Trojan-Downloaders – WinAD.c, and Small.aqt, which Kaspersky Anti-Virus has detected for a long time.

All of these programs are designed to download adware onto the victim machine. So it seems likely that whoever created the original dropper didn’t know that the machine he used was infected with Parite.

On the other hand, it could just be another attempt on the part of virus writers to prevent their creations being detected by dedicated anti-adware and anti-spyware solutions, which can’t detect standard file viruses.

Downloader + file virus – a new approach?

Your email address will not be published.



Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox