Trojan-Dropper.Win32.Flystud.yo not detected by avast

Avast Virus Team,

We submitted this to virus at avast dot com yesterday, and today we don't see that avast is aware of it or has updated the VPS file to protect against this virus/malware attack.

Are there any issues related to this virus/malware?

Regards,

Yanto Chiang

Dear avast virus team,

As additional information, the Jotti and VirusTotal results.

We submitted it to virus at avast dot com yesterday; hopefully this case can be closed as soon as possible.

Regards,
Yanto Chiang
Prima Partner Infotek

flystudio is actually a mangled name for EPL (Easy Programming Language)… it's some Chinese scripting engine compilable to an interpreted form… this form is not easy to analyse (it is a bit obscure)… what triggers the FlyStud detections is the obfuscation of the interpreter (there are various flystudio packers), we'll look at what this obfuscator is for…

Hi Maxx,

Thanks for your explanation.
Anyway, this virus/malware source name is kamus.exe (English: dictionary.exe). I think you are right, this virus/malware is probably detected as a Chinese scripting engine or real malware… we'll see then…

Regards,
Yanto Chiang

the file does some unwanted things, so it should be detected with one of the next VPS updates…

Hi Yanto.Chiang,

A trojan dropper is a malicious software program that has been designed to enable an attacker to launch a hidden installation of the malcode in the body of this type of trojan that forms its payload.

This type of malicious software stays behind on the hard disk of the victim's computer (or in the Windows catalogue, the Windows system folder, a temporary directory, etc.) without a specific message (or with error messages about the archive, a wrong version of the O.S., etc.) and creates other files to launch them for execution.

By installing a malicious software program of this class the hacker can establish two goals:

  • to perform a hidden install of Trojans and viruses;
  • to enable protection against known malware detection by AV solutions, because they cannot check all inner components of the mentioned Trojans.

There are two main varieties of the malware: http://www.threatexpert.com/report.aspx?md5=510994c74cf447a594206f864595a346

and

http://www.threatexpert.com/report.aspx?md5=b84abc0f5f2c1aee99351052f38f8824

polonus

Hi Polonus,

Thanks again for your detailed advice and information.

Anyway, starting today with VPS file definition 091016-0, avast antivirus can detect this variant as Win32:Trojan-Gen.

So good work by the avast virus research team… keep fighting to analyze the malware/virus variants…

Regards,
Yanto Chiang