W32/Tepfer.D8A1
Posted: August 29, 2013
Threat Metric
The fields shown on the Threat Meter are explained below:
Threat Level: The threat level scale runs from 1 to 10, where 10 is the highest severity and 1 the lowest. Each level reflects the threat's consistently observed behaviors as assessed by SpyHunter's risk assessment model.
Detection Count: The total number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs reported in diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based on the number of confirmed and suspected infections on a daily basis. A high volume count usually indicates a currently active threat, but it does not necessarily mean a large number of systems have been infected; a threat with a high detection count can lie dormant and have a low volume count. The Volume Count criteria are relative to the daily detection count.
Trend Path: The Trend Path, shown as an up arrow, a down arrow or an equals sign, represents a threat's recent movement. An up arrow represents an increase, a down arrow a decline, and the equals sign no change.
% Impact (Last 7 Days): The change over the last 7 days in how frequently the threat has been found infecting PCs. The percentage correlates directly with the current Trend Path to indicate a rise or decline.
| Field | Value |
|---|---|
| Threat Level | 9/10 |
| Infected PCs | 7 |
| First Seen | August 29, 2013 |
| Last Seen | October 18, 2020 |
| OS(es) Affected | Windows |
W32/Tepfer.D8A1 is a Trojan that spreads via spear-phishing attacks and has been used against numerous organizations. Such attacks are considered part of APTs (Advanced Persistent Threats), whose aim is to gain a foothold in an organization's network. W32/Tepfer.D8A1 is distributed via spam emails carrying malicious file attachments, which are themselves detected as W32/Tepfer.D8A1.

W32/Tepfer.D8A1 targets FTP clients. FTP clients are widely used in corporations to transfer files, and because FTP itself sends credentials in clear text and most clients store saved site credentials in weakly protected local files, the infection targets those clients to steal sensitive information. W32/Tepfer.D8A1 reads stored account details from FTP software using Windows API functions. It also downloads additional malicious files from specific URLs, saves the downloaded executables to the Temporary folder, and executes them. It then deletes its own file from the folder it was run from. Stored credentials and account information harvested from the targeted applications are transmitted to one of a set of specific URLs.

W32/Tepfer.D8A1 arrives packed with UPX and, once unpacked, has its own mechanisms in place to block emulation. It gathers the details of the FTP servers configured on the affected host, looking for many popular FTP programs, including Ghisler's Windows Commander and Total Commander, FileZilla, GlobalSCAPE CuteFTP, Far FTP, WS_FTP and FlashFXP. For CuteFTP, W32/Tepfer.D8A1 queries the Windows Registry to find the site manager data file (sm.dat), which lets it locate the saved sites of CuteFTP Pro, CuteFTP and CuteFTP Lite. It also targets CuteFTP's QCToolbar in versions 6, 7 and 8 of both the Home and Professional editions by querying the QCHistory registry entries. To acquire FTP details for the other clients, W32/Tepfer.D8A1 queries the Windows Registry for the path of the client's .ini or .dat file.

W32/Tepfer.D8A1 can also read the host, username and password associated with a given FTP client directly from registry subkeys. Where possible, it additionally resolves shell special folders (using CSIDL values, the ShSpecialFolder lookup) to check for the directories of known FTP clients and then searches them manually for the .ini and .dat files. A host firewall may raise an alert that an executable is attempting to connect to the Internet. Any FTP account stored in one of these clients on an infected host should be treated as compromised and its password rotated.
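The behavior chain above (reading several clients' credential stores, dropping and running an executable from the Temp folder, deleting its own file) is what a defender can hunt for. The following is an added example, not code from the page or from any vendor: a small behavioral detector run over constructed endpoint telemetry records. The telemetry schema (one dict per event with `pid`, `image`, `op`, `target`) and the marker strings tying paths to specific clients are this example's assumptions; sm.dat and QCHistory are the only artifacts taken from the description.

```python
"""Behavioral detector for the FTP-credential-theft chain described above.

Added example, not code from the page or from any vendor. It walks a list
of endpoint telemetry records (a constructed, simplified schema) and flags
a process that reads credential stores of two or more FTP clients, or
reads one client's store and also drops-and-runs an executable in a Temp
folder or deletes its own image. Marker strings are assumptions about
where each client keeps its data; sm.dat and QCHistory come from the page.
"""
from collections import defaultdict
import fnmatch
import ntpath

# Lower-case substrings that tie a file or registry path to an FTP client
# (assumed locations; extend to match your environment).
CLIENT_MARKERS = {
    "CuteFTP": ("cuteftp", "globalscape", "qchistory"),
    "Total Commander": ("ghisler", "totalcmd", "wincmd"),
    "FlashFXP": ("flashfxp",),
    "WS_FTP": ("ws_ftp", "ipswitch"),
    "FileZilla": ("filezilla",),
}
# File names the trojan is described as hunting for inside client folders.
STORE_FILE_PATTERNS = ("sm.dat", "*.ini", "*.dat", "*.xml")


def client_for(path):
    """Return the FTP client a file or registry path belongs to, or None."""
    low = path.lower()
    for client, markers in CLIENT_MARKERS.items():
        if any(m in low for m in markers):
            return client
    return None


def is_store_file(path):
    name = ntpath.basename(path.lower())      # works for Windows paths on any OS
    return any(fnmatch.fnmatch(name, p) for p in STORE_FILE_PATTERNS)


def is_temp_exe(path):
    low = path.lower()
    return "\\temp\\" in low and low.endswith(".exe")


def analyze(events):
    """Aggregate per-process indicators from telemetry records, in order."""
    state = defaultdict(lambda: {"image": None, "clients": set(), "dropped": set(),
                                 "temp_drop_exec": False, "self_delete": False})
    for ev in events:
        s = state[ev["pid"]]
        s["image"] = ev["image"]
        op, target, client = ev["op"], ev["target"], client_for(ev["target"])
        if op == "file_read" and client and is_store_file(target):
            s["clients"].add(client)                      # credential store read
        elif op == "reg_query" and client:
            s["clients"].add(client)                      # e.g. QCHistory / path lookup
        elif op == "file_write" and is_temp_exe(target):
            s["dropped"].add(target.lower())              # payload written to Temp
        elif op == "proc_create" and target.lower() in s["dropped"]:
            s["temp_drop_exec"] = True                    # ... and then executed
        elif op == "file_delete" and target.lower() == ev["image"].lower():
            s["self_delete"] = True                       # removes its own file
    return state


def verdict(s):
    """Suspicious if stores of >=2 clients were touched, or one client's
    store plus a Temp drop-and-execute or a self-delete."""
    n = len(s["clients"])
    if n >= 2 or (n >= 1 and (s["temp_drop_exec"] or s["self_delete"])):
        return "suspicious"
    return "benign"


def flag(events):
    return {pid: verdict(s) for pid, s in analyze(events).items()}


def ev(pid, image, op, target):
    return {"pid": pid, "image": image, "op": op, "target": target}


# Constructed sample telemetry: a phishing attachment run from Temp (pid 4120)
# next to the legitimate CuteFTP client reading its own site manager (pid 2208).
MAL = r"C:\Users\alice\AppData\Local\Temp\invoice.exe"
CUTE = r"C:\Program Files\GlobalSCAPE\CuteFTP 8 Home\cuteftppro.exe"
SM_DAT = r"C:\Users\alice\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\8.0\sm.dat"
QC_KEY = r"HKCU\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar\QCHistory"
SAMPLE_EVENTS = [
    ev(4120, MAL, "reg_query", QC_KEY),
    ev(4120, MAL, "file_read", SM_DAT),
    ev(4120, MAL, "file_read", r"C:\Users\alice\AppData\Roaming\GHISLER\wcx_ftp.ini"),
    ev(4120, MAL, "file_read", r"C:\Users\alice\AppData\Roaming\FlashFXP\4\Sites.dat"),
    ev(4120, MAL, "file_write", r"C:\Users\alice\AppData\Local\Temp\svc_update.exe"),
    ev(4120, MAL, "proc_create", r"C:\Users\alice\AppData\Local\Temp\svc_update.exe"),
    ev(4120, MAL, "file_delete", MAL),
    ev(2208, CUTE, "file_read", SM_DAT),
    ev(2208, CUTE, "reg_query", QC_KEY),
]

if __name__ == "__main__":
    for pid, v in flag(SAMPLE_EVENTS).items():
        print(pid, v)        # 4120 suspicious / 2208 benign
```

The two-client threshold keeps a legitimate client reading its own configuration from alerting, while the drop-and-execute and self-delete indicators catch the trojan even on a host with only one FTP client installed. In a real deployment the markers and the event schema would be mapped to your EDR's registry-access and file-access telemetry.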