Du brauchst Hilfe? Frage die Community oder wende dich an einen Experten.
Zu Avira Answers
Date discovered:19/08/2011
In the wild:Yes
Reported Infections:Low
Distribution Potential:Medium to high
Damage Potential:Medium
Static file:Yes
File size:266.240 Bytes
MD5 checksum:38771EBCABCBE8BEA7D00D2E8232BAC7
VDF version:
IVDF version:

 General Methods of propagation:
   • Autorun feature
   • Messenger

   •  Kaspersky: Trojan.Win32.VBKrypt.fbnw
   •  Microsoft: Worm:Win32/Dorkbot.I
   •  AhnLab: Trojan/Win32.VBKrypt

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Drops files
   • Registry modification

 Files It copies itself to the following location:
   • %APPDATA%\%random character string%.exe

It deletes the initially executed copy of itself.

 Registry One of the following values is added in order to run the process after reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%APPDATA%\%random character string%.exe"

 Messenger It is spreading via Messenger. The characteristics are described below:

– Windows Live Messenger

 IRC To deliver system information and to provide remote control it connects to the following IRC Servers:

Server: **********hmoney.biz
Port: 4042
Nickname: %random character string%

Server: **********therebitch.com
Port: 4042
Nickname: %random character string%

– This malware has the ability to collect and send information such as:
    • Username
    • Information about the Windows operating system

– Furthermore it has the ability to perform actions such as:
    • connect to IRC server
    • disconnect from IRC server
    • Join IRC channel
    • Leave IRC channel
    • Perform DDoS attack

 Injection – It injects itself as a remote thread into processes.

    Process name:
   • %random process%

 Miscellaneous Anti debugging
Checks for debugger or virtual machine using time related techniques.

 File details Programming language:
The malware program was written in Visual Basic.

Die Beschreibung wurde erstellt von Andrei Ilie am Mittwoch, 26. Oktober 2011
Die Beschreibung wurde geändert von Andrei Ilie am Montag, 31. Oktober 2011

zurück . . . .