Virus: TR/Dldr.CWS.h.2
Date discovered: 20/09/2005
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 13.824 Bytes
MD5 checksum: 70e2f285bad31bcf45308237a04d9e2c
VDF version: 6.32.0.37

General

Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows XP


Side effects:
   • Uses its own Email engine

Files

The following file is created:

– C:Windows\inetdata\mm.pid



It tries to download a file:

– The location is the following:
   • wm.**********.com/cgi-bin5/repeatermult.cgi?n=1&lastid=
This file may contain information related to the email spam function.

Email

It contains an integrated SMTP engine that it uses to send spam emails. It establishes a direct connection with the destination server. The characteristics are described below:


From:
Generated addresses. Please do not assume that it was the sender's intention to send this email to you. The sender might not know about the infection, or might not even be infected at all. Furthermore, you may receive bounced emails telling you that you are infected. This might also not be the case.


To:
– Gathered addresses from the internet



The email looks like the following:


Mailing

Gather addresses:
It gathers addresses by contacting the following website:
   • wm.**********.com/cgi-bin5/repeatermult.cgi?n=1&lastid=

File details

Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packers:
   • PE_Patch.PECompact
   • PecBundle
   • PECompact

Description inserted by Irina Boldea on Tuesday, September 20, 2005
Description updated by Irina Boldea on Wednesday, September 28, 2005
