Win64/Heriplor [Threat Name]
Win64/Heriplor.A [Threat Variant Name]
Category | trojan |
Size | 118986 B |
Detection created | Sep 13, 2017 |
Detection database version | 16077 |
Aliases | Backdoor.Win32.Zapchast.aa (Kaspersky), Trojan:Win32/Groooboor (Microsoft), Trojan.Heriplor (Symantec), Trojan.Swrort.47 (Dr.Web) |
Short description
Win64/Heriplor.A is a trojan that tries to download other malware from the Internet. The file is run-time compressed using RAR SFX.
Installation
When executed, the trojan creates the following files:
- c:\windows\temp\opera.exe (37888 B, Win64/Heriplor.A)
- c:\windows\temp\~tmp132356.dll (13824 B, Win64/Heriplor.A)
The trojan executes the following files:
- c:\windows\temp\opera.exe
Other information
The trojan contains a URL.
It tries to download and execute the other part of the infiltration from that address.
The communication uses the TCP protocol.