Trojan.Win32.FireHooker

Article snapshot taken from Wikipedia under the Creative Commons Attribution-ShareAlike license.

Trojan.Win32.FireHooker or Trojan:Win32/FireHooker is the definition (from Kaspersky Labs) of a Trojan downloader, Trojan dropper, or Trojan spy created for the Windows platform. Its first known detection dates back to September 2015, according to the antivirus vendor Trend Micro.

Malware details

To perform its intended routine, this malware requires its main component, a .dll file named xul.dll. The file size is about 5120 bytes. The file is dropped by a DNS blocking installer or by additional installers bundled with DNSblockers.

xul.dll, which is a known Mozilla Firefox DLL, loads the following APIs from the DLL file in order to act:

  • CERT_GetCommonName
  • NSS_CMSSignerInfo_GetSigningCertificate
  • NSS_CMSSignerInfo_Verify
  • PORT_Set_Error
  • VFY_VerifyDigestDirect
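
The file name, size and API names above can be turned into a simple triage check. The following is an added example, not part of the original article or of any vendor's tooling: it walks a directory tree, reports every file named xul.dll, flags copies whose size is close to the figure given above, and lists which of the five API names appear in the file. The 64 KiB threshold and the sample tree built by `demo()` are assumptions made for the example.

```python
import os
import tempfile

# API names listed in the article.
API_NAMES = [
    b"CERT_GetCommonName",
    b"NSS_CMSSignerInfo_GetSigningCertificate",
    b"NSS_CMSSignerInfo_Verify",
    b"PORT_Set_Error",
    b"VFY_VerifyDigestDirect",
]
TARGET_NAME = "xul.dll"
# Assumption: the article gives "about 5120 bytes"; 64 KiB is a generous cut-off,
# and a genuine Firefox xul.dll is assumed to be far larger than this.
SMALL_FILE_LIMIT = 64 * 1024


def triage_xul_dll(root):
    """Return one finding per file named xul.dll (any case) under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != TARGET_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                small = size <= SMALL_FILE_LIMIT
                data = b""
                if small:  # only small files are read, to keep the scan cheap
                    with open(path, "rb") as fh:
                        data = fh.read()
            except OSError:
                continue  # unreadable or vanished file: skip it
            apis = [a.decode() for a in API_NAMES if a in data]
            findings.append({"path": path, "size": size,
                             "suspicious_size": small, "apis": apis})
    return findings


def demo():
    """Triage a constructed sample tree (placeholder bytes, no real malware)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"firefox": b"\0" * 200_000,
                   "dropped": b"\0".join(API_NAMES).ljust(5120, b"\0")}
        for sub, body in samples.items():
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "XUL.dll"), "wb") as fh:
                fh.write(body)
        return sorted(triage_xul_dll(root), key=lambda f: f["size"])
```

A hit is only a lead for further analysis: the check matches on name, size and embedded strings, not on a signature or hash.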
