
Virus:Win32/Madang.A


First posted on 15 February 2019.
Source: Microsoft

Aliases :

Virus:Win32/Madang.A is also known as Win32/Madangel, W32/Madang-A, Virus.Win32.Small.l, W32/Madangel.a, W32.Madangel, PE_MADANGEL.A.

Explanation :

Virus:Win32/Madang.A is a detection for a virus that infects EXE and SCR files.

Installation

Virus:Win32/Madang.A arrives in the system as the file serverx.exe in the Windows system folder. It modifies the system registry so that it runs every time Windows starts:

Adds value: "Serverx"
With data: "serverx.exe"
To subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Note - the Windows system folder refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.

While active, Win32/Madang.A monitors the above registry entry to prevent it from being deleted. It creates the mutex "Angry Angel v3.0" while active.

Spreads Via...

Infects Files

Virus:Win32/Madang.A traverses writeable drives from C: to Z: in search of files with the extension .EXE or .SCR. However, it does not infect files found in the C:\Windows or C:\WINNT folders. When found, it infects these files by appending its virus code.

Payload

Downloads Other Malware

Virus:Win32/Madang.A accesses the following web sites, from which it may download other malware components:

vguarder.91i.net
vguarder.bravehost.com

Analysis by Jireh Sanico
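As an added example (not part of the Microsoft write-up), the Python below checks two of the indicators described above: the Run entry, in text saved from `reg query`, and the two download hosts, in DNS log lines. The DNS log layout (timestamp, client, queried name) and all sample data are constructed assumptions.

```python
import re

# Indicators from the description above.
RUN_VALUE, RUN_DATA = "serverx", "serverx.exe"
DOMAINS = ("vguarder.91i.net", "vguarder.bravehost.com")

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
REG_LINE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")

def run_key_hits(reg_query_output):
    """Return (name, data) pairs whose name or target file matches the Run entry."""
    hits = []
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(3).strip().strip('"')
        # Compare only the file name so a full path to serverx.exe also matches.
        target = data.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name.lower() == RUN_VALUE or target == RUN_DATA:
            hits.append((name, data))
    return hits

def dns_hits(log_lines):
    """Return queried names equal to, or subdomains of, the two download hosts."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if not fields:
            continue
        # Assumed layout: the queried name is the last whitespace-separated field.
        qname = fields[-1].lower().rstrip(".")
        if any(qname == d or qname.endswith("." + d) for d in DOMAINS):
            hits.append(qname)
    return hits

# Constructed sample input (not captured from a real host).
SAMPLE_REG = (
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    OneDrive    REG_SZ    \"C:\\Users\\u\\OneDrive.exe\" /background\n"
    "    Serverx    REG_SZ    serverx.exe\n"
)
SAMPLE_DNS = [
    "2019-02-15T10:00:01Z 10.0.0.5 www.example.com",
    "2019-02-15T10:00:07Z 10.0.0.5 VGUARDER.91i.net.",
]

if __name__ == "__main__":
    print(run_key_hits(SAMPLE_REG), dns_hits(SAMPLE_DNS))
```

Because the virus monitors the Run entry to keep it from being deleted, a hit here indicates the host should be cleaned with the process stopped rather than by removing the value alone.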

Last update 15 February 2019