"Disker" and "Disker64" trojan

[aztec 0]

Hi,

 

Saw this on the World of Warcraft/Blizzard games forum yesterday:

 

http://us.battle.net/wow/en/forum/topic/11041384892?page=1

 

Wondered if Emsi has been notified of this new malware, and has tried to mitigate it?

 

 

Thanks.

[Elise 261]

Yes, we are aware of it and detect/remove it. I can confirm the objects listed in the article you linked to are being created as stated: If you are concerned you have this malware and you have HijackFree, you can see the objects (Disker and/or Disker64) under the Autoruns tab.

[aztec 0]

Thank you Elise for the quick reply and the good work. 

[malware1 13]

This file is undetected by Emsisoft:

 

setup.exe - https://www.virustotal.com/en/file/09943ba819c2f70899dfa16d2930c65b4170989de9bf7de8b2cdaf15d137a7c1/analysis/1388832922/

 

Some other antivirus products with BitDefender engine detect it, but Emsisoft does not

 

It drops WINDOW~1.EXE and WINDOW~1.EXE drops w_win.dll and w_64.DLL.

 

WINDOW~1.EXE, w_win.dll, w_64.DLL - these files are detected.

[malware1 13]

Another sample of this malware:

 

setup.exe - https://www.virustotal.com/en/file/f05045f5e9badf1017d245a1977fa49c85183f0bc34aa4f1800c5c462b7c34eb/analysis/1388853235/ (undetected by Emsisoft)

 

Dropped files:

 

XB_010~1.EXE - https://www.virustotal.com/en/file/625060052f56063999793d944accb98b60dcb2411bdce005c8156e2e75cf2449/analysis/1388853290/ (detected by Emsisoft)

w_64.DLL - https://www.virustotal.com/en/file/dd9ded59410d4e2a77f5154ac0548aa657078d398057924f596bb8901c964344/analysis/1388853314/ (undetected by Emsisoft)

w_win.dll - https://www.virustotal.com/en/file/43eb4d54b1a8b204f41f2d67fe2563ad36ccd833325be4aab744d236e049ae56/analysis/1388853290/ (undetected by Emsisoft)

 

I'll submit the undetected files.

[Elise 261]

There are a number of variants, which is while some hashes are undetected. However trace detection is present for all dropped components.