Virus: TR/Dldr.Stration.C.6
Date discovered: 20/10/2006
Type: Trojan
Subtype: Dropper
In the wild: Yes
Reported Infections: Medium to high
Distribution Potential: Low
Damage Potential: Low to medium
Static file: No
File size: 45.060 Bytes
VDF version: 6.36.00.192
IVDF version: 6.36.00.211 - Tuesday, October 31, 2006

 General Method of propagation:
   • Email


Aliases:
   •  Kaspersky: Email-Worm.Win32.Warezov.ev
   •  Bitdefender: Win32.Warezov.DO@mm


Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a malicious file

 Files
The following file is created:

%SYSDIR%\%10 digit random character string%.exe
The file is executed once it has been fully created. Further investigation showed that this file is malware as well. Detected as: TR/Dldr.Stration.D

 Email
It has no spreading routine of its own, but it was spammed out via email. The characteristics are described below:


From:
The sender address is spoofed.


Email design:
 


Subject: Livan War real pictures.
Body:
   • Livan War real pictures.
Attachment:
   • picture%number%.zip
 


Subject: This is not shown on TV.
Body:
   • This is not shown on TV.
Attachment:
   • picture%number%.zip
 


Subject: This must be seen by everyone.
Body:
   • This must be seen by everyone.
Attachment:
   • picture%number%.zip


Subject:
One of the following:
   • Error
   • Good day
   • hello
   • Mail Delivery System
   • Mail Transaction Failed
   • picture
   • Server Report
   • Status
   • test



Body:
The body of the email is one of the following lines:
   • Mail transaction failed. Partial message is available.
   • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
   • The message contains Unicode characters and has been sent as a binary attachment


Attachment:
The filename of the attachment is constructed out of the following:

–  It starts with one of the following:
   • body
   • data
   • doc
   • docs
   • document
   • file
   • message
   • readme
   • test
   • text

–  Sometimes continued by one of the following:
   • dat
   • elm
   • log
   • msg
   • txt

–  The file extension is one of the following:
   • bat
   • cmd
   • exe
   • pif
   • scr
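
A mail-gateway check for the two attachment naming schemes described above (picture%number%.zip and the constructed executable name), as an added example that is not part of the original description. Assumptions: %number% is a run of decimal digits, and the name parts are joined by ".", "_", "-" or nothing, since the description does not state the separator; the function names and sample messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Name parts copied from the description above.
PREFIX = "body|data|doc|docs|document|file|message|readme|test|text"
MIDDLE = "dat|elm|log|msg|txt"
EXT = "bat|cmd|exe|pif|scr"

# Assumption: parts are joined by ".", "_", "-" or nothing (not stated on the page).
CONSTRUCTED = re.compile(rf"(?:{PREFIX})(?:[._-]?(?:{MIDDLE}))?\.(?:{EXT})", re.I)
# Assumption: %number% is a run of decimal digits.
PICTURE_ZIP = re.compile(r"picture\d+\.zip", re.I)


def classify_attachment(filename):
    """Return the name of the matching naming scheme, or None."""
    name = (filename or "").strip()
    if PICTURE_ZIP.fullmatch(name):
        return "picture-zip"
    if CONSTRUCTED.fullmatch(name):
        return "constructed-executable"
    return None


def flag_message(msg):
    """List (filename, scheme) for every attachment whose name matches."""
    hits = []
    for part in msg.iter_attachments():
        scheme = classify_attachment(part.get_filename())
        if scheme:
            hits.append((part.get_filename(), scheme))
    return hits


def build_sample(filename):
    """Constructed test message; the payload is a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "Mail Transaction Failed"
    msg.set_content("Mail transaction failed. Partial message is available.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for fn in ["document.msg.scr", "picture12.zip", "readme.txt", "report.exe"]:
        print(fn, flag_message(build_sample(fn)))
```

A name match alone only shows that the attachment fits the naming scheme; a gateway would normally combine it with the subject and body lines listed above and with a content scan.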

Description inserted by Andrei Ivanes on Tuesday, October 31, 2006
Description updated by Andrei Ivanes on Tuesday, October 31, 2006
