Trojan-Downloader:W32/ConHook.APX

Name: Trojan-Downloader:W32/ConHook.APX
Detection Names: Trojan-Downloader.Win32.ConHook.apx
Size: 132096
Category: Malware
Type: Trojan-Downloader
Platform: W32

Summary

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Details


Network Connections
Attempts to connect to:

  • http://65.243.103.56/go/
  • http://65.243.103.60/go/
  • http://65.243.103.62/go/
  • http://89.188.16.10/go/
  • http://89.188.16.16/go/
  • http://24.244.171.110/redirect/[...].php



Registry Modifications
Creates these keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
  • HKCR\CLSID\...\InprocServer32
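
An added example, not part of the original description: the two keys listed above are linked, because each subkey under Browser Helper Objects is named by a CLSID, and that CLSID's InprocServer32 default value names the DLL the browser loads. The Python code below joins the two from `reg export` text for offline triage; the sample export, the CLSIDs and the DLL paths are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in `reg export` text form (already decoded to str).
# CLSIDs and DLL paths are placeholders, not values from this description.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\example_bho.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{99999999-0000-0000-0000-000000000000}\InprocServer32]
@="C:\\Program Files\\Other\\unrelated.dll"
'''

GUID = r"(\{[0-9A-Fa-f-]{36}\})"
KEY_RE = re.compile(r"^\[(.+)\]$")
BHO_RE = re.compile(r"\\Explorer\\Browser Helper Objects\\" + GUID + "$", re.I)
INPROC_RE = re.compile(
    r"^(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)\\CLSID\\"
    + GUID + r"\\InprocServer32$", re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def parse_export(text):
    """Return (BHO CLSIDs in file order, {CLSID: InprocServer32 DLL path})."""
    bho_clsids, servers, current = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            bho = BHO_RE.search(key.group(1))
            if bho:
                bho_clsids.append(bho.group(1).upper())
            inproc = INPROC_RE.match(key.group(1))
            current = inproc.group(1).upper() if inproc else None
            continue
        default = DEFAULT_RE.match(line)
        if default and current:
            # .reg files escape backslashes inside string values
            servers[current] = default.group(1).replace("\\\\", "\\")
    return bho_clsids, servers

def bho_modules(text):
    """Pair every registered BHO with its DLL; None means no COM server found."""
    bhos, servers = parse_export(text)
    return [(clsid, servers.get(clsid)) for clsid in bhos]

if __name__ == "__main__":
    for clsid, dll in bho_modules(SAMPLE_EXPORT):
        print(clsid, "->", dll or "(no InprocServer32 entry)")
```

Each DLL path returned is the file to hash and examine; a BHO entry with no matching InprocServer32 value is a leftover registration that can be cleaned up.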


Additional Details

Trojan-Downloader:W32/ConHook.APX captures keywords from searches and creates relevant popup windows and ads.

It may attempt to use its outbound connections to download additional malicious programs, or to send information.

ConHook.APX targets Web searches made on the following sites:

  • 7search.com
  • alexa.com
  • alltheweb.com
  • ask.com/
  • bbc.co.uk
  • comcast.net
  • destinationadult.com
  • excite.co.jp
  • findsearch.net
  • gigablast.com
  • goguides.org
  • google
  • hotbot.com
  • infoseek.co.jp
  • instafinder.com
  • jayde.com
  • kanoodle.com
  • lb1.netster.com
  • live.com
  • lycos
  • mamma.com
  • mirago.co.uk
  • mysearch.myway.com
  • mywebsearch.com
  • neon.org.uk
  • netster.com
  • query.nytimes.com
  • recherche.aol.fr
  • reference.com
  • s.teoma.com
  • search.about.com
  • search.aol
  • search.daum.net
  • search.dmoz.org
  • search.earthlink.net
  • search.looksmart.com
  • search.msn
  • search.netscape.com
  • search.netzero.net
  • search.sympatico.msn.ca
  • search.wanadoo.co.uk
  • search.xtramsn.co.nz
  • searchmiracle.com
  • sensis.com.au
  • uk.searchengine.com
  • url.searchuk.com
  • usseek.com
  • vivisimo.com
  • web altavista.com
  • web.ask
  • websearch.com
  • wesearchall.com
  • www.excite.co.jp
  • yahoo

Trojan-Downloader.Win32.ConHook.apx is a component of Virtumonde.

Virtumonde (also known as Vundo) is adware that is heavily used to promote "rogue" applications.

See the Virtumonde description and the Rogue antispyware description for additional details.