OSX/Revir [Threat Name] go to Threat

OSX/Revir.A [Threat Variant Name]

Category trojan
Size 188951 B
Detection created Sep 23, 2011
Signature database version 6489
Aliases Trojan-Dropper.OSX.Revir.a (Kaspersky)
  OSX.Revir (Symantec)
  Trojan-Dropper:OSX/Revir.A (F-Secure)
Short description

OSX/Revir.A is a trojan that installs OSX/Imuler.A malware.

Installation

The trojan does not create any copies of itself.


The following files are dropped into the /tmp/ folder:

  • %malwarefilename%.pdf

The following file is dropped in the same folder:

  • host

The file is then executed.

Other information

The trojan contains an URL address. It tries to download a file from the address.


The file is stored in the following location:

  • /tmp/updtdata (OSX/Imuler.A)

The file is then executed. The HTTP protocol is used.

Please enable Javascript to ensure correct displaying of this content and refresh this page.