Virus:TR/Dialer.22368
Date discovered:31/10/2008
Type:Trojan
Subtype:Dialer
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:22,368 Bytes
MD5 checksum:944beaafc502d90bb0e9559c6524332c
VDF version:7.01.00.24
IVDF version:7.01.00.28 - Monday, November 3, 2008

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan.Win32.Dialer.gvf
   •  F-Secure: Trojan.Win32.Dialer.gvf
   •  Sophos: Mal/Dial-V
   •  Grisoft: Dialer.28.BS


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Lowers security settings
   • Registry modification


Right after execution the following information is displayed:

[screenshot omitted; the picture has been edited for display purposes]

Registry
The following registry value is removed (the trailing "=-" is the .reg notation for deleting a value):

–  [HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
   • FE622EA7B33CA46519AB39736A66B8F6E41FF157=-



The following registry keys are changed. The CA\Certificates branch of HKLM\SOFTWARE\Microsoft\SystemCertificates is the machine-wide Intermediate Certification Authorities store, and the Blob value holds the serialized certificate together with its properties, so writing this key installs a certificate that every user and every CryptoAPI application on the system trusts for chain building:

– [HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\
   FE622EA7B33CA46519AB39736A66B8F6E41FF157]
   New value:
   • Blob=%hex values%

Internet Explorer's start page:
– [HKCU\Software\Microsoft\Internet Explorer\Main]
   New value:
   • Start Page="http://www.freemyfunny.info"
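The two registry artifacts above can be hunted for offline from a .reg export (for example the output of `reg export HKLM\SOFTWARE\Microsoft\SystemCertificates\CA ca.reg` appended to an export of the user's Internet Explorer\Main key). The script below is an added example written for this page, not Avira's tooling: it parses the .reg text, flags the start-page change and the planted certificate key, unpacks the Blob value and cross-checks the SHA-1 property against the thumbprint in the key name, and compares a file's MD5 with the hash listed above. The Blob layout (records of property id, reserved DWORD 1, length, data; the DER certificate sits in CERT_CERT_PROP_ID 0x20) is the wincrypt.h format; the registry export and the Blob bytes in SAMPLE_EXPORT are constructed sample data, and the DER inside it is a stand-in, not the real certificate.

```python
"""Offline IOC check for the registry artifacts listed in this description.
Added example, not part of the original page or Avira's tools."""
import hashlib
import re
import struct

# Indicators taken from the description above.
SAMPLE_MD5 = "944beaafc502d90bb0e9559c6524332c"
CERT_THUMBPRINT = "FE622EA7B33CA46519AB39736A66B8F6E41FF157"
CERT_KEY = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates"
            "\\CA\\Certificates\\" + CERT_THUMBPRINT)
IE_MAIN_KEY = "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main"
START_PAGE = "http://www.freemyfunny.info"

# Property ids used inside a SystemCertificates Blob (wincrypt.h CERT_*_PROP_ID).
CERT_SHA1_HASH_PROP_ID = 3
CERT_CERT_PROP_ID = 32

# Constructed .reg export. The Blob is a stand-in built for this example:
# a SHA-1 property holding the thumbprint and a 5-byte dummy DER SEQUENCE.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.freemyfunny.info"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FE622EA7B33CA46519AB39736A66B8F6E41FF157]
"Blob"=hex:03,00,00,00,01,00,00,00,14,00,00,00,fe,62,2e,a7,b3,3c,a4,65,19,ab,\
  39,73,6a,66,b8,f6,e4,1f,f1,57,20,00,00,00,01,00,00,00,05,00,00,00,30,03,02,\
  01,01
"""

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}} from .reg text.
    hex: data continued over lines ending in a backslash is joined first."""
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                      # continuation of a hex: value
            name, data = pending
            data += line.rstrip("\\").strip()
            if line.endswith("\\"):
                pending = (name, data)
            else:
                keys[current][name] = data
                pending = None
            continue
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
            data = m.group(2)
            if data.endswith("\\"):
                pending = (name, data.rstrip("\\").strip())
            else:
                keys[current][name] = data
    return keys


def reg_hex_to_bytes(data):
    """Decode a .reg REG_BINARY value ('hex:aa,bb,...') into bytes."""
    if not data.lower().startswith("hex:"):
        raise ValueError("not a REG_BINARY value: %r" % data[:16])
    return bytes.fromhex(data[4:].replace(",", ""))


def parse_cert_blob(blob):
    """Split a SystemCertificates Blob into {property_id: data}.
    Each record is <DWORD prop_id><DWORD reserved=1><DWORD length><data>."""
    props, off = {}, 0
    while off + 12 <= len(blob):
        prop_id, _reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def extract_der(blob):
    """Return the DER certificate carried in the Blob, or None."""
    return parse_cert_blob(blob).get(CERT_CERT_PROP_ID)


def find_dialer_iocs(keys):
    """Return the indicators from this description present in parsed keys."""
    hits = []
    main = keys.get(IE_MAIN_KEY, {})
    if main.get("Start Page", "").strip('"').rstrip("/").lower() == START_PAGE.lower():
        hits.append("ie_start_page")
    cert = keys.get(CERT_KEY, {})
    if "Blob" in cert:
        hits.append("ca_store_key")
        props = parse_cert_blob(reg_hex_to_bytes(cert["Blob"]))
        if props.get(CERT_SHA1_HASH_PROP_ID, b"").hex().upper() == CERT_THUMBPRINT:
            hits.append("ca_store_thumbprint_match")
    return hits


def matches_sample(file_bytes):
    """True if file_bytes hashes to the MD5 listed on this page."""
    return hashlib.md5(file_bytes).hexdigest() == SAMPLE_MD5


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    print("indicators found:", find_dialer_iocs(parsed))
    der = extract_der(reg_hex_to_bytes(parsed[CERT_KEY]["Blob"]))
    print("DER (stand-in) from Blob:", der.hex())
```

On a real export the DER returned by extract_der can be fed to openssl x509 -inform DER to see what the planted certificate claims to be; the thumbprint cross-check catches blobs that were copied under a key name that does not match their contents. The mutex "Ingresso" and the running process are live-system indicators and are not covered by an offline registry check.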

Miscellaneous
Mutex:
It creates the following Mutex:
   • Ingresso

File details
Programming language:
The malware program was written in Borland C++.


Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Monica Ghitun on Thursday, November 27, 2008
Description updated by Monica Ghitun on Thursday, November 27, 2008
