Virus:W32/DunDun
Date discovered:07/05/2008
Type:File infector
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Medium
Static file:No
File size:~8.192 Bytes
Engine version:7.08.00.14

 General Method of propagation:
   • Infects files


Aliases:
   •  Mcafee: W32/DunDun
   •  Kaspersky: Virus.Win32.DunDun.1396
   •  Sophos: W32/Dundun-A
   •  Bitdefender: Win32.DunDun.B

Similar detection:
   •  W32/DunDun.A


Platforms / OS:
   • Windows NT
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files

 File infection

Infector type:

Appender - The virus's main code is added at the end of the infected file.
– The following section is added to the infected file:
   • DENG DUN

Damaging - The files may be improperly infected. This results in infected files that are broken and crash.


Stealth:
No stealth techniques used. It modifies the OEP (Original Entry Point) of the infected file to point to the virus code.
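
A triage check for the two traits described above (an added section named DENG DUN, and an entry point moved into the appended code), as an added example that is not part of the original description. The function names and the header-only sample images are constructed for illustration, and the check assumes the section name is stored in the section table exactly as written here.

```python
import struct

VIRUS_SECTION = b"DENG DUN"  # section name from the description; assumed stored verbatim

def pe_sections(data):
    """Return (entry_rva, [(name, vaddr, vsize, rawsize), ...]) from PE headers."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("PE signature missing")
        # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
        nsec, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
        opt_off = pe_off + 24
        entry = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
        sections = []
        for i in range(nsec):
            name, vsize, vaddr, rawsize = struct.unpack_from(
                "<8sIII", data, opt_off + opt_size + 40 * i)
            sections.append((name.rstrip(b"\0"), vaddr, vsize, rawsize))
    except struct.error as exc:  # truncated or damaged headers
        raise ValueError("truncated PE headers") from exc
    return entry, sections

def check_appender(data):
    """Triage flags for the two traits the description gives."""
    entry, sections = pe_sections(data)
    if not sections:
        return {"last_section": None, "entry_in_last_section": False, "name_match": False}
    name, vaddr, vsize, rawsize = sections[-1]  # last entry in the section table
    return {
        "last_section": name,
        "entry_in_last_section": vaddr <= entry < vaddr + max(vsize, rawsize),
        "name_match": any(s[0] == VIRUS_SECTION for s in sections),
    }

def build_sample(entry_rva, names):
    """Constructed header-only image for testing: one 0x1000-byte section per name."""
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)  # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIII16x", n, 0x1000, 0x1000 * (i + 1), 0x1000, 0x400 + 0x1000 * i)
        for i, n in enumerate(names))
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

CLEAN = build_sample(0x1000, [b".text", b".data"])
INFECTED_LIKE = build_sample(0x3010, [b".text", b".data", b"DENG DUN"])
```

An entry point inside the last section also occurs in packed but harmless executables, so that flag alone is only a reason to look closer; the section-name match is the more specific signal.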


Self Modification:

Encrypted - The virus code inside the infected file is encrypted.


Method:

This memory-resident infector remains active in memory.


Infection length:

Approximately 5.100 Bytes


The following files are infected:

By file type:
   • *.exe
   • %all processes started after malware is active in memory%

 Injection – It injects itself into a process.

    Process name:
   • explorer.exe


 Rootkit Technology

Hooks the following API function:
   • CreateFile

Description inserted by Daniel Constantin on Tuesday, March 16, 2010
Description updated by Andrei Ivanes on Tuesday, March 16, 2010
