Date discovered: 10/07/2007
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 86.016 Bytes
MD5 checksum: B22EF26B830600B47A3FEA87ADCFF91C
VDF version:
IVDF version: - Tuesday, July 10, 2007

General
Method of propagation:
   • No own spreading routine

Aliases:
   •  Symantec: W32.SillyFDC
   •  Kaspersky: Trojan.Win32.Jorik.IRCbot.hi
   •  TrendMicro: WORM_NEERIS.KA
   •  Microsoft: Worm:Win32/Neeris

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Drops files
   • Registry modification

Files
It copies itself to the following location:
   • %WINDIR%\newbin.exe

Registry
One of the following values is added in order to run the process after reboot:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Ci Servs"="newbin.exe"

The following registry key is added:

– [HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings]
   • "ProxyEnable"=dword:00000000

Miscellaneous
Internet connection:
In order to check for its internet connection the following DNS server is contacted:

Anti debugging
It checks for running programs that contain one of the following strings:
   • Connection monitor tool [tcpview]
   • Analysis tool string [filemon]
   • Analysis tool string [procmon]

Checks for debugger or virtual machine using time related techniques.

File details
Programming language:
The malware program was written in MS Visual C++.

Runtime packer:
In order to complicate detection and reduce the size of the file, it is packed with a runtime packer.

Description submitted by Andrei Ilie on Thursday, March 17, 2011
Description updated by Andrei Ilie on Thursday, March 24, 2011
