Virus: EXP/Java.Gimsh.A.40
Date discovered: 29/07/2008
Type: Exploit
Subtype: Downloader
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 24.843 Bytes
MD5 checksum: a3620ae8063793a811f08da8a12895da
IVDF version: 7.00.05.183 - Tuesday, July 29, 2008

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Exploit.Java.Gimsh.a
   •  F-Secure: Exploit.Java.Gimsh.a
   •  Sophos: Troj/Dloadr-AYQ


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a malicious file

Files

It tries to download a file:

– The location is the following:
   • http://adxbnet.net/**********un.exe
It is saved on the local hard drive under: C:\U.exe
Furthermore, this file is executed after it has been fully downloaded. At the time of writing, this file was not online for further investigation.

Description inserted by Thomas Wegele on Tuesday, September 2, 2008
Description updated by Thomas Wegele on Tuesday, September 2, 2008
