Virus: TR/Dldr.Agent.A.5
Date discovered: 10/07/2007
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 86.016 Bytes
MD5 checksum: B22EF26B830600B47A3FEA87ADCFF91C
VDF version: 6.39.00.127
IVDF version: 6.39.00.131 - Tuesday, July 10, 2007

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: W32.SillyFDC
   •  Kaspersky: Trojan.Win32.Jorik.IRCbot.hi
   •  TrendMicro: WORM_NEERIS.KA
   •  Microsoft: Worm:Win32/Neeris


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


Side effects:
   • Drops files
   • Registry modification

Files
It copies itself to the following location:
   • %WINDIR%\newbin.exe

Registry
One of the following values is added in order to run the process after reboot:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Ci Servs"="newbin.exe"



The following registry key is added:

– [HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings]
   • "ProxyEnable"=dword:00000000

Miscellaneous
Internet connection:
To check for an internet connection, the following DNS server is contacted:
   • nice.niceshot.in


Anti debugging
It checks for running programs that contain one of the following strings:
   • Connection monitor tool [tcpview]
   • Analysis tool string [filemon]
   • Analysis tool string [procmon]

It checks for a debugger or virtual machine using time-related techniques.

File details
Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.

Description inserted by Andrei Ilie on Thursday, March 17, 2011
Description updated by Andrei Ilie on Thursday, March 24, 2011
