Trojan.Win32.FireHooker

Trojan.Win32.FireHooker or Trojan:Win32/FireHooker is the definition (from Kaspersky Labs) of a Trojan downloader, Trojan dropper, or Trojan spy created for the Windows platform. Its first known detection goes back to September, 2015, according to the AVV Trend Micro.

Malware details
This malware requires its main component to successfully perform its intended routine as a .dll file, by the name xul.dll. The file size is about 5120 bytes. The file is being dropped by an DNS blocking installer or additional installers bundled with DNSblockers.

xul.dll, which is a known Mozilla Firefox DLL, loads in order to come to action the following APIs from the DLL file


 * CERT_GetCommonName
 * NSS_CMSSignerInfo_GetSigningCertificate
 * NSS_CMSSignerInfo_Verify
 * PORT_Set_Error
 * VFY_VerifyDigestDirect

Other aliases

 * TR/FireHooker.1825 (Avira)
 * Trojan.GenericKD.2889803 (Bitdefender)
 * Win32/FireHooker.A (ESET)
 * Trojan.Win32.FireHooker.a (Kaspersky Labs)