Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:18/10/2006
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:236.286 Bytes
MD5 checksum:ad1f26bb6105b21650289ea7433fc1e1
VDF version:
IVDF version: - Thursday, October 5, 2006

 General Method of propagation:
   • No own spreading routine

   •  Mcafee: PWS-Lineage.dr
   •  Kaspersky:
   •  Eset: Win32/PSW.Lineage.AJP

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops a file
   • Drops a malicious file
   • Steals information

 Files  It creates the following directory:
   • %TEMPDIR%\RarSFX0

The following files are created:

– A file that is for temporary use and it might be deleted afterwards:
   • %TEMPDIR%\RarSFX0\??.txt

%TEMPDIR%\RarSFX0\2.sfx.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: DR/PSW.Gamania.GM.2

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX

Description inserted by Monica Ghitun on Wednesday, October 18, 2006
Description updated by Andrei Ivanes on Monday, November 6, 2006

Back . . . .