Virus: EXP/Pidief.zar
Date discovered: 19/12/2012
Type: Exploit
In the wild: No
Reported Infections: Medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 13.672 Bytes
MD5 checksum: 46fbd9ecec529151e6ec7ffac2f9f94e
VDF version: 7.11.54.86 - Wednesday, December 19, 2012
IVDF version: 7.11.54.86 - Wednesday, December 19, 2012

General

Method of propagation:
   • By visiting infected websites

Similar detection:
   • JS/Redirector.SB
   • TR/Obisty.A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads a malicious file
   • Drive-by download
   • Makes use of software vulnerability

Files

It tries to download a file:

The location is the following:
   • http://apensiona.ru:8080/**********/links/column.php?%given parameter%
It is saved on the local hard drive under:
   • %HOME%\Local Settings\Temp\wpbt0.dll

Furthermore, this file is executed after it has been fully downloaded. Further investigation showed that this file is malware, too.
Detected as: TR/Obisty.A

File details

Programming language:
   • JavaScript


Encryption:
Encrypted - The virus code inside the file is encrypted.

Description inserted by Andrei Gherman on Wednesday, December 19, 2012
Description updated by Andrei Gherman on Wednesday, December 19, 2012
