Trojan.Win32.FireHooker
Trojan.Win32.FireHooker or Trojan:Win32/FireHooker is the definition (from Kaspersky Labs) of a Trojan downloader, Trojan dropper, or Trojan spy created for the Windows platform. [https://www.avira.com/de/support-threats-summary/tid/33212/threat/TR.FireHooker.1825 TR/FireHooker.1825 - Avira Virenlabor] Its first known detection dates back to September 2015, according to the antivirus vendor Trend Micro.
Malware details
This malware requires its main component, a .dll file named xul.dll, to successfully perform its intended routine. The file size is about 5120 bytes. [http://www.trendmicro.com.au/vinfo/au/threat-encyclopedia/malware/troj_firehooker.a TROJ_FIREHOOKER.A - Threat Encyclopedia - Trend Micro AU] The file is dropped by a DNS-blocking installer or by additional installers bundled with DNSblockers.
To take effect, the following APIs are loaded from xul.dll, which is a known Mozilla Firefox DLL:
- CERT_GetCommonName
- NSS_CMSSignerInfo_GetSigningCertificate
- NSS_CMSSignerInfo_Verify
- PORT_Set_Error
- VFY_VerifyDigestDirect[https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_firehooker.a TROJ_FIREHOOKER.A - Threat Encyclopedia - Trend Micro USA]
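A triage sketch built on the indicators above, added here as an example and not taken from any vendor's tooling: it walks a directory tree, flags files named xul.dll whose size is close to the reported 5120 bytes, and records which of the listed API names occur in them as plain strings. The 1 KiB size tolerance and the idea that the API names are stored as ASCII strings are assumptions made for illustration, not facts from the cited reports.

```python
import os
import sys
from pathlib import Path

TARGET_NAME = "xul.dll"   # file name given on the page
REPORTED_SIZE = 5120      # bytes, "about 5120" per the page
SIZE_TOLERANCE = 1024     # assumption: how loosely to read "about"
# API names exactly as they are listed on the page
API_NAMES = [
    b"CERT_GetCommonName",
    b"NSS_CMSSignerInfo_GetSigningCertificate",
    b"NSS_CMSSignerInfo_Verify",
    b"PORT_Set_Error",
    b"VFY_VerifyDigestDirect",
]


def triage_file(path):
    """Collect indicators for one xul.dll candidate; this is not a verdict."""
    size = path.stat().st_size
    size_match = abs(size - REPORTED_SIZE) <= SIZE_TOLERANCE
    # Only small files are read; a size-mismatched xul.dll is never opened.
    data = path.read_bytes() if size_match else b""
    return {
        "path": str(path),
        "size": size,
        "size_match": size_match,
        "api_strings": [n.decode() for n in API_NAMES if n in data],
    }


def scan(root):
    """Return triage records for every file named xul.dll below root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != TARGET_NAME:
                continue
            try:
                findings.append(triage_file(Path(dirpath) / name))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return findings


if __name__ == "__main__":
    for finding in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

A record with `size_match` set is a lead for further analysis, such as checking the file's location and signature, rather than a detection on its own.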
Other aliases
- TR/FireHooker.1825 (Avira)
- Trojan.GenericKD.2889803 (Bitdefender)
- Win32/FireHooker.A (ESET)
- Trojan.Win32.FireHooker.a (Kaspersky Labs)
External links
- [https://www.virustotal.com/de/file/327b36c8718224e596a033275166b4342840ed6901bcda280fb02f1566b8ad91/analysis/1456330135/ Analysis of a file @ VirusTotal]