Virus:Worm/Braban.H
Date discovered:04/09/2006
Type:Worm
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Medium
Damage Potential:Medium
Static file:Yes
File size:20.480 Bytes
MD5 checksum:05aee6f98b1a92833dc0c56c833c3e54
VDF version:6.35.01.177
IVDF version:6.35.01.181 - Tuesday, September 5, 2006

 General Aliases:
   •  Kaspersky: IM-Worm.Win32.Braban.h
   •  F-Secure: IM-Worm.Win32.Braban.h
   •  Bitdefender: Win32.Worm.Braban.B


Platforms / OS:
   • Windows 98 SE
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Third party control

 Files It copies itself to the following location:
   • %PROGRAM FILES%\MSN Messenger\msnmsgr.exe



It renames the following file:

    •  %PROGRAM FILES%\MSN Messenger\msnmsgr.exe into %PROGRAM FILES%\MSN Messenger\msnm.exe

 Backdoor Contact server:
The following:
   • http://go.links**********

Once connected it will retrieve an additional list of servers.
As a result remote control capability is provided. This is done via the HTTP GET request on a PHP script.


Remote control capabilities:
    • Download file
    • Visit a website

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packers:
   • Morphine
   • UPX

Description inserted by Andrei Ivanes on Tuesday, September 5, 2006
Description updated by Andrei Ivanes on Thursday, September 7, 2006

Back . . . .