Win64/Heriplor [Threat Name]

Win64/Heriplor.A [Threat Variant Name]

Category trojan
Size 118986 B
Detection created Sep 13, 2017
Detection database version 16077
Aliases Backdoor.Win32.Zapchast.aa (Kaspersky)
  Trojan:Win32/Groooboor (Microsoft)
  Trojan.Heriplor (Symantec)
  Trojan.Swrort.47 (Dr.Web)
Short description

Win64/Heriplor.A is a trojan which tries to download other malware from the Internet. The file is run-time compressed using RAR SFX.

Installation

When executed, the trojan creates the following files:

  • c:\windows\temp\opera.exe (37888 B, Win64/Heriplor.A)
  • c:\windows\temp\~tmp132356.dll (13824 B, Win64/Heriplor.A)

The trojan executes the following files:

  • c:\windows\temp\opera.exe

Other information

The trojan contains a URL address.


It tries to download and execute the other part of the infiltration from the address.


The TCP protocol is used in the communication.
