{"id":72589,"date":"2011-06-08T11:35:28","date_gmt":"2011-06-08T11:35:28","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72589"},"modified":"2011-06-08T11:35:28","modified_gmt":"2011-06-08T11:35:28","slug":"fake-windows-xp-recovery-tool","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/fake-windows-xp-recovery-tool\/","title":{"rendered":"Fake &#8220;Windows XP Recovery&#8221; tool."},"content":{"rendered":"<p>We have analyzed below malicious email. As usual it pretends to be from DHL Inc.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/windows1.jpg\" alt=\"\" width=\"423\" height=\"484\" \/><\/p>\n<p>As we can see this email has a zip file attachment which contains a malware.<br \/>\nOn extraction of this zip file user gets an executable file which has icon like a pdf file.<\/p>\n<p>If this file gets executed it runs a script file from url &#8220;https:\/\/9X.6X.9.15\/f\/g.php&#8221;<br \/>\nand downloads the fake tool file from the url &#8220;https:\/\/6X.9X.116.16\/pusk3.exe&#8221;<\/p>\n<p>After downloaded file is executed on the affected machine and it works as a fake &#8220;Windows XP Recovery&#8221; tool.<br \/>\nIt hides all the items which are present on the users desktop. It displays frequently a fake &#8220;Hard Drive Failure&#8221;<br \/>\nerror message. The fake tool is as shown below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/windows2.jpg\" alt=\"\" width=\"582\" height=\"353\" \/><\/p>\n<p>Quickheal detects the malware file as &#8220;TrojanDownloader.Dapato.dt&#8221; so users are already protected.<br \/>\nWe recommend users not to open such attachments from the unknown emails.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have analyzed below malicious email. As usual it pretends to be from DHL Inc. As we can see this email has a zip file attachment which contains a malware. On extraction of this zip file user gets an executable file which has icon like a pdf file. If this file gets executed it runs [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72589","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72589"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72589"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72589\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}