W32/Perrum - Malware

Siehe auch

Vollständig

Alias:
Type:	Worm
Size:	11.780 Bytes
Origin:
Date:	06-14-2002
Damage:	Spreads over .JPG files.
VDF Version:	6.23.00.00
Danger:	Medium
Distribution:	Low

DistributionIt spreads over .JGP files, sent by the user.

Technical DetailsW32/Perrum is a Windows virus, which infects .JPG files. It is programmed in Visual Basic and packed with UPX.
The virus file PROOF.EXE drops two files: EXTRK.EXE and REG.MP3 in the same directory and enters the following registry key:

HKEY_CLASSES_ROOT\jpegfile\shell\open\command"(Default)"="EXTRK.EXE %1"

Then the worm checks for .JPG files in the same directory and infects them with its code. The code is inserted at the end of these files. A .JPG file can be infected only once and only one file per infection cycle is infected. When the infected file is opened from another infected computer, W32/Perrum searches for a clean .JPG file in the current directory and infects it with its virus code.

If the infected file is opened on a clean system, the virus code can not be activated.
W32/Perrum uses the following files:
EXTRK.EXE.
PROOF.EXE = 11.780 Bytes (12Kbytes) (packed with UPX)
EXTRK.EXE = 5.636 Bytes (6 Kbytes) (extracting components)
REG.MP3 = Contains the registry key for W32/Perrum.

Kurzfassung hier.

Beschreibung erstellt von Crony Walker am Tue, 15 Jun 2004 14:00 (GMT+1)

» Über Malware
» Über Phishing
» In-the-Wild-Viren

« zurück