Top 1 – SmokeLoader
SmokeLoader is an infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first with 19.9%. Like other malware that is distributed via exploit kits, this malware also has a MalPe form.
When executed, it injects itself into explorer.exe, and the actual malicious behavior is carried out by explorer.exe. After connecting to the C&C server, it can download additional modules or other malware strains. The additionally downloaded modules usually have infostealer features; to run them, an explorer.exe child process is created and the modules are injected into it.
For an analysis report related to Smoke Loader, refer to the ASEC Report below.
[PDF] ASEC REPORT vol.101_Smoke Loader Learns New Tricks
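
The explorer.exe behavior described above can be turned into a triage rule over process and network telemetry. The following is an added example, not code from ASEC: it flags explorer.exe processes whose parent is also explorer.exe and attaches any external destinations contacted by either process. The events are constructed and reduced to Sysmon-style field names, and the internal address ranges are an assumption.

```python
import ipaddress
import ntpath

# Assumption: ranges treated as internal; adjust to the environment.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed events (not from the report), reduced to the Sysmon fields used:
# Event ID 1 = process creation, Event ID 3 = network connection.
EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "Image": r"C:\Windows\explorer.exe",
     "ParentProcessId": 612, "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"EventID": 1, "ProcessId": 7332, "Image": r"C:\Windows\explorer.exe",
     "ParentProcessId": 4100, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 5120, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentProcessId": 4100, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessId": 4100, "Image": r"C:\Windows\explorer.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 80},
    {"EventID": 3, "ProcessId": 7332, "Image": r"C:\Windows\explorer.exe",
     "DestinationIp": "192.168.1.20", "DestinationPort": 445},
]

def is_explorer(path):
    return ntpath.basename(path or "").lower() == "explorer.exe"

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def find_leads(events):
    """Return one triage lead per explorer.exe process whose parent is explorer.exe."""
    external = {}  # pid -> external destinations contacted by an explorer.exe process
    for ev in events:
        if ev["EventID"] == 3 and is_explorer(ev["Image"]) and is_external(ev["DestinationIp"]):
            external.setdefault(ev["ProcessId"], set()).add(
                f"{ev['DestinationIp']}:{ev['DestinationPort']}")
    leads = []
    for ev in events:
        if ev["EventID"] == 1 and is_explorer(ev["Image"]) and is_explorer(ev.get("ParentImage")):
            pid, ppid = ev["ProcessId"], ev["ParentProcessId"]
            dests = sorted(external.get(pid, set()) | external.get(ppid, set()))
            leads.append({"child_pid": pid, "parent_pid": ppid, "external_dests": dests})
    return leads

if __name__ == "__main__":
    for lead in find_leads(EVENTS):
        print(lead)
```

The results are leads for triage rather than verdicts. On real telemetry, correlate on Sysmon's ProcessGuid instead of ProcessId, since process IDs are reused.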