Virus:W32/Pidez.A
Date discovered:28/07/2008
Type:File infector
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:No
File size:32.256 Bytes
IVDF version:7.00.05.151 - Tuesday, July 22, 2008

 General Method of propagation:
   • Infects files


Aliases:
   •  Kaspersky: Virus.Win32.Agent.ba
   •  Bitdefender: Win32.Selfish.F

Similar detection:


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops files
   • Infects files

 Files The following files are created:

– Non malicious file:
   • %infected files%.txt

– A file that is for temporary use and it might be deleted afterwards:
   • temp%number%

%executed file%.exe Furthermore it gets executed after it was fully created. This is the original version of the file before infection.

 File infection Infector type:

Prepender - The virus code is added at the begining of the infected file.


Stealth:
 No stealth techinques used. It modifies the OEP (Original Entry Point) of the infected file to point to the virus code.


Method:

This direct-action infector actively searches for files.


Infection length:

- 32.256 Bytes


The following files are infected:

By file type:
   • *.exe

Files in any of the following directories:
   • %all directories%

 File details Programming language:
 The malware program was written in Delphi.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • ASPack 2.12

Description inserted by Daniel Constantin on Wednesday, March 17, 2010
Description updated by Daniel Constantin on Wednesday, March 17, 2010

Back . . . .