Virus: APPL/HideDir.A
Date discovered: 09/03/2007
Type: Application
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 415.744 Bytes
MD5 checksum: 4def017b8d6a6a33c000e3252924c45a
IVDF version: 6.38.00.23 - Friday, March 9, 2007

General

Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
Can be used by rogue users or malware to lower security settings.


Right after execution the following information is displayed:


Files

It creates the following directory:
   • %current directory%\Thumbs.dn



It renames the following files:

    •  %current directory%\*.* into %current directory%\Thumbs.dn\%number%.mem



The following files are created:

– Non-malicious files:
   • %current directory%\desktop.ini
   • %current directory%\Thumbs.dn\%several random numbers from 0 to 9%.mem
   • %current directory%\Thumbs.dn\%several random numbers from 0 to 9%LIST.mem

Registry

The following registry key is added:

– [HKLM\SOFTWARE\ExeSoft\Strong]
   • %letter% =

File details

Programming language:
The malware program was written in Delphi.


Runtime packer:
To make detection harder and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Andrei Gherman on Wednesday, October 14, 2009
Description updated by Andrei Gherman on Wednesday, October 14, 2009
