This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Low to medium
- Friday, May 14, 2010
Method of propagation:
• Autorun feature
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Downloads a file
• Drops files
• Drops malicious files
• Lowers security settings
• Registry modification
• Steals information
It copies itself to the following locations:
It deletes the initially executed copy of itself.
It deletes the following files:
The following files are created:
\autorun.inf This is a non malicious text file with the following content:
%code that runs malware%
\nodqq0.dll Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: TR/Magania.daxl
It tries to download a file:
– The location is the following:
It is saved on the local hard drive under:
%temporary internet files%
\Content.IE5\YGRGUTKK\am.rar Furthermore this file gets executed after it was fully downloaded.
It tries to executes the following file:
The following registry key is added in order to run the process after reboot:
The following registry keys are changed:
– It injects itself as a thread into a process.
– It injects the following file into a process:
The malware program was written in MS Visual C++.
In order to aggravate detection and reduce size of the file it is packed with the following runtime packers:
Description inserted by Ana Maria Niculescu on Tuesday, July 6, 2010
Description updated by Ana Maria Niculescu on Wednesday, July 7, 2010
Get in touch
Questions? We are happy to help you.
1 800 403 7019
Start a chat
Send an email
Find a solution in our Avira Answers community
Send an email
Case Record Type