Trojan.Win32.FireHooker

Trojan.Win32.FireHooker or Trojan:Win32/FireHooker is the definition (from Kaspersky Labs) of a Trojan downloader, Trojan dropper, or Trojan spy created for the Windows platform. ^[1] Its first known detection goes back to September, 2015, according to the AVV Trend Micro.

Malware details edit

This malware requires its main component to successfully perform its intended routine as a .dll file, by the name xul.dll. The file size is about 5120 bytes.^[2] The file is being dropped by an DNS blocking installer or additional installers bundled with DNSblockers.

xul.dll, which is a known Mozilla Firefox DLL, loads in order to come to action the following APIs from the DLL file

CERT_GetCommonName
NSS_CMSSignerInfo_GetSigningCertificate
NSS_CMSSignerInfo_Verify
PORT_Set_Error
VFY_VerifyDigestDirect ^[3]

Other aliases edit

TR/FireHooker.1825 (Avira)
Trojan.GenericKD.2889803 (Bitdefender)
Win32/FireHooker.A (ESET)
Trojan.Win32.FireHooker.a (Kaspersky Labs)

External links edit

Analysis of a file @ VirusTotal

References edit

[1] TR/FireHooker.1825 - Avira Virenlabor

[2] TROJ_FIREHOOKER.A - Threat Encyclopedia - Trend Micro AU

[3] TROJ_FIREHOOKER.A - Threat Encyclopedia - Trend Micro USA

[1]

[2]

[3]