Virus: TR/Sirefef.AG.35
Date discovered: 02/05/2012
Type: Trojan
In the wild: No
Reported Infections: Medium
Distribution Potential: Low
Damage Potential: Medium
File size: 12.288 Bytes
MD5 checksum: 1bf005160d6c0469601128d75e8a0044
VDF version: 7.11.29.20 - Wednesday, May 2, 2012
IVDF version: 7.11.29.20 - Wednesday, May 2, 2012

General Method of propagation:
   • No own spreading routine


Aliases:
   •  McAfee: ZeroAccess.ee
   •  Kaspersky: Trojan.Win32.Small.bmph
   •  Bitdefender: Trojan.Sirefef.FT
   •  Grisoft: Generic28.QXW
   •  GData: Trojan.Sirefef.FT
   •  Norman: Trojan W32/ZAccess.CQL


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Can be used to execute malicious code

Miscellaneous Event handler:
It creates the following Event handlers:
   • ZwWaitHighEventPair
   • LdrAccessResource
   • LdrFindResource
   • ZwTerminateProcess
   • ZwCreateEventPair
   • ZwSetLowEventPair
   • ZwDelayExecution
   • CryptGenRandom
   • ZwOpenProcess
   • ZwOpenFile
   • WSASocketW
   • WSASendTo
   • WSARecvFrom


String:
Furthermore, it contains the following string:
   • GET /geo/txt/**********.php HTTP/1.0

Description inserted by: Wensin Lee on Monday, May 7, 2012
Description updated by: Wensin Lee on Friday, May 25, 2012
