Date discovered:11/05/2010
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:129.024 Bytes
MD5 checksum:920E659f16f56cc513d33fbdc746e236
VDF version:

 General Aliases:
   •  Symantec: W32.Gammima.AG
   •  Mcafee: PWS-Gamania.gen.u
   •  Kaspersky: Worm.Win32.AutoRun.hdn
   •  TrendMicro: WORM_GAMETHI.TAJ
   •  F-Secure: Trojan.Onlinegames.1182
   •  Sophos: Mal/Taterf-B
   •  Bitdefender: Trojan.Onlinegames.1182
   •  Microsoft: Worm:Win32/Taterf.DM
   •  AVG: Worm/Generic.BFOW
   •  Panda: W32/Lineage.LMR
   •  VirusBuster: Trojan.Magania.AIBP
   •  Eset: Win32/PSW.OnLineGames.OUM
   •  Sunbelt: Worm.Win32.Taterf
   •  GData: Trojan.Onlinegames.1182
   •  Fortinet: W32/AutoRun.HDN!worm
   •  Ikarus: Worm.Win32.AutoRun
   •  Norman: W32/Zbot.SSF
   •  Rising: Trojan.Win32.Generic.5203412C

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Downloads a malicious file
   • Drops a malicious file

 Files It copies itself to the following location:
   • %SYSDIR%\eset.exe

The following file is created:

%SYSDIR%\eset0.dll Further investigation pointed out that this file is malware, too.

It tries to download a file:

– The location is the following:
   • http://www.yahoodsd.com/1tw/*****
It is saved on the local hard drive under: %TEMPDIR%\at.exe Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • ASPack

説明の挿入者 Irina Diaconescu の 2010年8月13日金曜日
説明の更新者 Andrei Ivanes の 2010年8月23日月曜日

戻る . . . .