Date discovered: 19/08/2011
In the wild: Yes
Reported Infections: Low
Distribution Potential: Medium to high
Damage Potential: Medium
Static file: Yes
File size: 266.240 Bytes
MD5 checksum: 38771EBCABCBE8BEA7D00D2E8232BAC7
VDF version:
IVDF version:

General methods of propagation:
   • Autorun feature
   • Messenger

Aliases:
   • Kaspersky: Trojan.Win32.VBKrypt.fbnw
   • Microsoft: Worm:Win32/Dorkbot.I
   • AhnLab: Trojan/Win32.VBKrypt

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Drops files
   • Registry modification

Files:
It copies itself to the following location:
   • %APPDATA%\%random character string%.exe

It deletes the initially executed copy of itself.

Registry:
One of the following values is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%APPDATA%\%random character string%.exe"
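Added example (not part of the original description): a check for the persistence artifact described above, run over a constructed `reg export` of the HKCU Run key. It flags any Run value that launches an .exe sitting directly in the %APPDATA% root (literal variable or expanded path) and notes whether the value name equals the executable's base name, the pattern this description gives for the dropped copy; all value names and paths in the sample are made up.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# output; value names and paths are made up for this example.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"xkqtpwz"="C:\\Users\\alice\\AppData\\Roaming\\xkqtpwz.exe"
"Updater"="%APPDATA%\\Vendor\\updater.exe"
"svc"="\"%APPDATA%\\cache.exe\" -s"
'''

# "name"="data" lines of a .reg file; quotes and backslashes inside are escaped with '\'.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# An .exe placed directly in the %APPDATA% root, either as the literal variable
# (the form the description gives) or in its expanded form.
APPDATA_ROOT_EXE = re.compile(
    r'^(?:%APPDATA%|[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming)\\([^\\]+)\.exe$',
    re.IGNORECASE)


def parse_run_values(reg_export: str) -> Dict[str, str]:
    """Return {value name: value data} for every string value in the export."""
    values = {}
    for line in reg_export.splitlines():
        m = VALUE_LINE.match(line.strip())
        if m:
            name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
            values[name] = data
    return values


def executable_path(data: str) -> str:
    """Strip surrounding quotes and command-line arguments from a Run value."""
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split(' ', 1)[0]


def suspicious_run_entries(values: Dict[str, str]) -> List[Tuple[str, str, bool]]:
    """Flag Run entries launching an .exe from the %APPDATA% root.

    The boolean is True when the value name equals the executable's base name.
    """
    hits = []
    for name, data in values.items():
        m = APPDATA_ROOT_EXE.match(executable_path(data))
        if m:
            hits.append((name, m.group(0), m.group(1).lower() == name.lower()))
    return hits
```

On a live host, feed the function the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` instead of the constructed sample; entries with the boolean set deserve the closest look.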

Messenger:
It spreads via Messenger. The characteristics are described below:

– Windows Live Messenger

IRC:
To deliver system information and to provide remote control it connects to the following IRC servers:

Server: **********hmoney.biz
Port: 4042
Nickname: %random character string%

Server: **********therebitch.com
Port: 4042
Nickname: %random character string%

– This malware has the ability to collect and send information such as:
   • Username
   • Information about the Windows operating system

– Furthermore it has the ability to perform actions such as:
   • Connect to IRC server
   • Disconnect from IRC server
   • Join IRC channel
   • Leave IRC channel
   • Perform DDoS attack

Injection:
– It injects itself as a remote thread into processes.

Process name:
   • %random process%

Miscellaneous:
Anti-debugging: checks for a debugger or virtual machine using time-related techniques.

File details:
Programming language: the malware program was written in Visual Basic.

Description inserted by Andrei Ilie on Wednesday, 26 October 2011
Description updated by Andrei Ilie on Monday, 31 October 2011

