Heimdal

Heimdal™ returns with another incisive, mind-bending edition of our celebrated threat hunting journal. What does the month of July have in store for us? As one would expect, even more trojans, PUAs, and a couple of worms and viruses just to keep things interesting. Wonder no more, because our trojan king reigns unchallenged: 15 trojan strains were detected throughout July, totaling a not-so-whopping 8,404 positive detections (no change there). Enjoy, subscribe, and, of course, share if you care.

Top Malware(s) Detections: 1st of July – 29th of July

Heimdal™’s SOC team has positively IDed 15 trojan strains in July. The number of positive trojan hits is 8,404; as someone might say, “not good, not terrible”. So, what’s so special about it? This number represents our newest historical low (i.e., February – 10,351 vs. July – 8,404). And because we just love numbers and percentages, trojan activity in July has decreased by 158% (i.e., compared with the previous month). Diversity-wise, we have our usual ACAD/Bursted.AN detections, Run.Ramnit.C, PUAs, and the Sality virus.

All of July’s malware detections can be found below.

Name                      No. of hits
EXP/PyShellCode.G         2647
ACAD/Bursted.AN           2301
TR/Trash.Gen              1515
EXP/CVE-2010-2568.A       1004
TR/Patched.Gen            916
TR/PSInject.G1            904
TR/CoinMiner.wmstw        878
Eicar-Signature           872
TR/CoinMiner.uwtyu        830
TR/AD.GoCloudnet.kabtg    699
PUA/UTorrentWeb.BA        693
TR/Dldr.Delphi.Gen        512
TR/Dropper.Gen2           495
W32/Run.Ramnit.C          450
W32/Infector.Gen          439
TR/Crypt.XPACK.Gen        417
W32/Sality.AW             361
ACAD/Burste.K             338
TR/Swrort.fkiqj           327
W32/Sality.AT             275
VBS/Ramnit.abcd           272
W97M/Class.EP.1           244
ADWARE/Adware.Gen2        229
WORM/Brontok.C            226
W32/Neshta.A              224
TR/Dropper.Gen            211
TR/AD.Swotter.lckuu       201
TR/Patched.Ren.Gen        175
LNK/Runner.VPGG           163
TR/Patched.Ren.Gen7       163
TR/Worm.Gen               161
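The table above can be rolled up by signature class to check the headline figures in this post (15 trojan strains, 8,404 trojan hits). The script below is an added example, not Heimdal's code; it embeds the July table as whitespace-separated "signature hits" pairs and groups them by the vendor prefix before the slash.

```python
"""Roll up one month of AV detections by signature class (added example,
not Heimdal's code; the data is the July table from this post)."""
from collections import Counter

JULY_TABLE = """
EXP/PyShellCode.G 2647 ACAD/Bursted.AN 2301 TR/Trash.Gen 1515
EXP/CVE-2010-2568.A 1004 TR/Patched.Gen 916 TR/PSInject.G1 904
TR/CoinMiner.wmstw 878 Eicar-Signature 872 TR/CoinMiner.uwtyu 830
TR/AD.GoCloudnet.kabtg 699 PUA/UTorrentWeb.BA 693 TR/Dldr.Delphi.Gen 512
TR/Dropper.Gen2 495 W32/Run.Ramnit.C 450 W32/Infector.Gen 439
TR/Crypt.XPACK.Gen 417 W32/Sality.AW 361 ACAD/Burste.K 338
TR/Swrort.fkiqj 327 W32/Sality.AT 275 VBS/Ramnit.abcd 272
W97M/Class.EP.1 244 ADWARE/Adware.Gen2 229 WORM/Brontok.C 226
W32/Neshta.A 224 TR/Dropper.Gen 211 TR/AD.Swotter.lckuu 201
TR/Patched.Ren.Gen 175 LNK/Runner.VPGG 163 TR/Patched.Ren.Gen7 163
TR/Worm.Gen 161
"""


def parse_table(text):
    """Return [(signature, hits)] from alternating name/count tokens."""
    tokens = text.split()
    if len(tokens) % 2:
        raise ValueError("dangling signature name without a hit count")
    rows = []
    for name, count in zip(tokens[::2], tokens[1::2]):
        if not count.isdigit():
            raise ValueError(f"non-numeric hit count {count!r} for {name}")
        rows.append((name, int(count)))
    return rows


def signature_class(name):
    """Vendor class prefix (TR, W32, PUA, ...); no '/' means no family."""
    return name.split("/", 1)[0] if "/" in name else "OTHER"


def rollup(rows):
    """Map class -> (number of strains, total hits), largest total first."""
    strains, hits = Counter(), Counter()
    for name, count in rows:
        cls = signature_class(name)
        strains[cls] += 1
        hits[cls] += count
    return {c: (strains[c], hits[c]) for c, _ in hits.most_common()}


if __name__ == "__main__":
    for cls, (n, total) in rollup(parse_table(JULY_TABLE)).items():
        print(f"{cls:<7} {n:>2} strains {total:>6} hits")
```

The Eicar test signature has no class prefix and lands in OTHER, so it does not inflate any malware family's count.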

Top 7 Malware Detailed

Now that we have this month’s threat hunting stats out of the way, let’s take a stab at the most important malware detections.

EXP/PyShellCode.G


PyShellCode.G is malware whose purpose is to identify and exploit code or software vulnerabilities.

TR/Trash.Gen


Trash.Gen is your run-of-the-mill trojan that can impact your machine in different ways. For instance, it can slow down your device, pave the way for other malware, install backdoors, and more. This particular trojan is endemic to pornographic websites.

PUA/UTorrentWeb.BA


UTorrentWeb.BA is a PUA (i.e., Potentially Unwanted Application) that can be leveraged for tasks such as reconnaissance. It can also install adware on the infected machine. As the name suggests, this PUA most often infects machines running torrent downloaders.

W32/Infector.Gen


Infector.Gen is malware with trojan capabilities. Typical Infector.Gen behavior includes DLL injection, process manipulation, and creation of scheduled tasks for persistence purposes.

W97M/Class.EP.1


Class.EP.1 is a later iteration of the M97 Class macro virus that is used to infect MS Office 97 documents.

TR/Dropper.Gen


Dropper.Gen is a dropper-type malware. It’s usually employed to deliver other types of malware. From January to July, Heimdal™ has identified five distinct versions of the Dropper.Gen malware.

W32/Sality.AT


Sality.AT is the latest version of the infamous Sality virus, which made headlines back in 2003. Never out of fashion, Sality, with its AT variant, can perform a wide range of actions on the target, such as C2 communication, backdoor installation, and turning the infected machine into a bot.

Additional Cybersecurity Tips and Parting Thoughts

This wraps up the July edition of our celebrated threat hunting journal. Before I go, here are some cybersecurity tips that may help you even the odds with hackers.

  • Manual scanning vs. scheduled (automatic) scanning. It’s not always a good idea to leave the scanning bit to the users. Experience dictates that the average user would rather skip this part and focus on other meaningful things than go along with it. So, the best course of action would be to set an automatic (and scheduled) scanning flow.
  • More firepower. Some types of malware won’t show up on a regular AV scan. If so, I would encourage you to try out Heimdal™ Next-Gen AV & MDM, a solution that combines top-tier detection rates, brute-force detection & protection features, and more.
  • Beware of phishing. As most malware gets delivered via email, do yourself a favour and stay away from suspicious emails. Remember the rule of thumb: if it looks shady, then it’s probably dangerous.

Do you enjoy our Threat Hunting Journal? Don’t forget to follow us on LinkedIn, Twitter, Facebook, YouTube, or Instagram to keep up to date with everything we post!

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.