Trojan:Win64/Sirefef.B is a trojan that connects to a remote server to download arbitrary files, which can include malware such as other components of Sirefef.
This trojan is installed by other malware, such as Trojan:Win64/Sirefef.A, and may be present on an affected computer as the following file:
The trojan is injected into the process "svchost.exe" and its payload is executed.
Downloads arbitrary files
Trojan:Win64/Sirefef.B connects to a remote server to retrieve commands that could include the following actions:
- download arbitrary files or updated Sirefef components
- execute retrieved files
- inject retrieved files into other processes
Analysis by Shawn Wang
The following system changes may indicate the presence of this malware:
- The presence of the following files:
- Alert notifications from installed antivirus software may be the only symptoms.