Mal/ExpJS-Y

Category: Viruses and Spyware
Protection available since: 28 Oct 2011 15:05:51 (GMT)
Type: Malicious behavior
Last Updated: 28 Oct 2011 15:05:51 (GMT)
Prevalence: Small Number of Reports

This detection is for malicious web content hosted on exploit sites.

Files detected as Mal/ExpJS-Y are components of an exploit kit known as 'Nice Pack'. The content checks specific browser plugins, loads the appropriate exploit content (e.g. PDF and Java files), and infects the user with malware.

At the time of writing, the kit is being used to infect users with a rootkit known as ZeroAccess (aka Sirefef), which is blocked by Sophos as Mal/FakeAV-IS.

Examples of Mal/ExpJS-Y include:

Example 1

File Information

Size: 2.2K
SHA-1: 12c1448cc91d4d3c67e4c97e2a066e86e40f2223
MD5: a7e52d000269c47dd3e9e76b081f4f8d
CRC-32: c95e2370
File type: text/html
First seen: 2011-10-26

Example 2

File Information

Size: 4.2K
SHA-1: 1fb603c47419916039fce98de66a5c0b7c2064ac
MD5: 42ef0607de8f3c03c81d373ee24feeae
CRC-32: 5e61affa
File type: application/octet-stream
First seen: 2011-08-22

Example 3

File Information

Size: 4.3K
SHA-1: 273d89d52e0efd9afe0f503448b4e46eb1fcef90
MD5: 9b4791e9c0547856e3a882d9cff74dc9
CRC-32: b535aaff
File type: application/octet-stream
First seen: 2011-08-22