
Worm:Win32/Gamarue.O


First posted on 01 March 2013.
Source: Microsoft

Aliases:

There are no other names known for Worm:Win32/Gamarue.O.

Explanation:



Worm:Win32/Gamarue.O contains code that is loaded and executed by Worm:Win32/Gamarue.N.

It may have the file name "desktop.ini".

When run, the malware connects to a remote host at the following location:

thesecond.in

From there, it downloads a file which is saved as "thumbs.db". The file is then decrypted and saved as the following:

C:\Temp\TrustedInstaller.exe

Worm:Win32/Gamarue.O then runs this file.
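
One way to hunt for the behaviour described above, added here as an example and not part of the original write-up: it checks event records for the download host and the dropped file path named in this entry. The event schema, the function names and the sample records are constructed for illustration; the check for the file name outside C:\Windows\servicing (where the genuine Windows binary resides) goes beyond the single path listed here.

```python
import ntpath

# Indicators taken from the description above.
C2_HOST = "thesecond.in"
DROPPED_PATH = r"c:\temp\trustedinstaller.exe"
# Assumption (not from the page): the genuine Windows binary lives here.
LEGIT_DIR = r"c:\windows\servicing"


def classify(event):
    """Return a finding string for one event dict, or None if nothing matches."""
    kind = event.get("type")
    if kind == "dns":
        name = event["query"].lower().rstrip(".")
        # Match the host itself or a subdomain, not look-alike suffixes.
        if name == C2_HOST or name.endswith("." + C2_HOST):
            return "dns query for download host"
    elif kind in ("file_create", "process_create"):
        # Normalise "." segments and case before comparing Windows paths.
        path = ntpath.normpath(event["path"]).lower()
        if path == DROPPED_PATH:
            return f"{kind} at dropped payload path"
        # Generalization: same file name anywhere outside the servicing dir.
        if (ntpath.basename(path) == "trustedinstaller.exe"
                and ntpath.dirname(path) != LEGIT_DIR):
            return f"{kind} of TrustedInstaller.exe outside servicing directory"
    return None


def scan(events):
    """Return (host, finding) pairs for every event that matches."""
    hits = []
    for ev in events:
        finding = classify(ev)
        if finding:
            hits.append((ev["host"], finding))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "ws01", "type": "dns", "query": "thesecond.in."},
    {"host": "ws01", "type": "file_create", "path": r"C:\Temp\TrustedInstaller.exe"},
    {"host": "ws01", "type": "process_create", "path": r"C:\TEMP\.\TrustedInstaller.exe"},
    {"host": "ws02", "type": "process_create", "path": r"C:\Windows\servicing\TrustedInstaller.exe"},
    {"host": "ws02", "type": "dns", "query": "notthesecond.in"},
    {"host": "ws03", "type": "process_create", "path": r"D:\Users\a\TrustedInstaller.exe"},
]

if __name__ == "__main__":
    for host, finding in scan(SAMPLE):
        print(host, finding)
```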

For more information about the Worm:Win32/Gamarue family, see the description elsewhere in the encyclopedia.



Analysis by Ray Roberts

Last update 01 March 2013

 
