Virus: W32/Assill.A
Date discovered: 29/01/2009
Type: File infector
Subtype: Prepender
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
File size: 49552 Bytes
MD5 checksum: D8E9A25815116098C06A843F805CCA11
IVDF version: 7.01.01.203 - Thursday, January 29, 2009

General

Aliases:
   •  Symantec: W32.Melsa
   •  Mcafee: W32/HLLP.49552
   •  Kaspersky: Virus.Win32.Assill.a
   •  Sophos: W32/Jeefo-G
   •  VirusBuster: Win32.Assill.A
   •  Eset: Win32/Assil.A
   •  Bitdefender: Win32.Assill.A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification

Files

It copies itself to the following location:
   • %SYSDIR%\ls32.exe

It tries to execute the following file:

– Filename:
   • %SYSDIR%\ls32.exe

File infection

Infector type:

Prepender - The virus code is added at the beginning of the infected file.


Stealth:
No stealth techniques used. It modifies the OEP (Original Entry Point) of the infected file to point to the virus code.


Method:

This direct-action infector actively searches for files.


The following files are infected:

By file type:
   • exe

Registry

The following registry keys are added:

– [HKCU\Software\Mellissa]
   • "its"="sample.exe"
   • "LK"="Named Mellissa. Ukraine(Chernivtsi)"
   • "sts"="C"

File details

Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Razvan Olteanu on Tuesday, February 2, 2010
Description updated by Andrei Ivanes on Monday, February 8, 2010
