Home Malware Programs Downloaders H1N1 Loader

H1N1 Loader

Posted: October 16, 2020

H1N1 is a piece of malware that first emerged online in 2015. Back then, it appeared to have one sole purpose: introducing additional malware to the compromised host. However, the H1N1 Loader kept on receiving updates aiming to extend its functionality and introduce new features like an info collecting module that can obtain data from compromised systems. The H1N1 Loader has been used in combination with notorious malware families such as the Pony Botnet and Vawtrak. Apart from loading malware implants like the latter, the first variations of the H1N1 Loader also were capable of obtaining system information and sending it to a remote control server.

The H1N1 Loader is spread via fake Microsoft Office documents containing a corrupted macro script frequently. Often, the files may pose as important documents related to credits, debt, taxes, bank confirmation, card information, etc. When launched, the documents use a misleading message to prompt the user to click the 'Enable Content' button, which would allow the execution of macros. Once this requirement is met, the corrupted document may use the embedded macro scripts to try and deploy the H1N1 Loader.

The H1N1 Loader uses the process hollowing techniques to hijack the 'explorer.exe' Windows process and inject the corrupted code to execute in its memory. This is a common feature among Trojan loaders and downloaders since they may be able to avoid some debugging tools and automated detection utilities by exploiting legitimate Windows processes.

Taking the necessary measures to stop first-stage payloads like the H1N1 Loader can save you a lot of trouble. This malware's ability to deploy additional applications is very threatening, and users should prevent this by investing in reputable anti-virus software.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to H1N1 Loader may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner*

* See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.