Trojan.Win32.FireHooker

Trojan.Win32.FireHooker or Trojan:Win32/FireHooker is the definition (from Kaspersky Labs) of a Trojan downloader, Trojan dropper, or Trojan spy created for the Windows platform. [1] Its first known detection goes back to September, 2015, according to the AVV Trend Micro.

Additional InfoEdit

This Malware requires its main component to successfully perform its intended routine as a .dll-file, by the name xul.dll. The file-size is about 5120 bytes.[2] The file is being dropped by s DNS blocking installer or additional installers bundled with DNSblockers.

xul.dll, which is a known Mozilla Firefox DLL, loads in order to come to action the following APIs from the dll-file:

  • CERT_GetCommonName
  • NSS_CMSSignerInfo_GetSigningCertificate
  • NSS_CMSSignerInfo_Verify
  • PORT_Set_Error
  • VFY_VerifyDigestDirect [3]

Other aliasesEdit

External linksEdit

ReferencesEdit