
Win32.Warezov.FF@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Win32.Warezov.FF@mm is also known as Win32/Stration, Win32.HLLM.Limar, Win32/Stratio, Win32/Strati.

Explanation:

This malware is composed of two parts:

A dropper, 30212 bytes in size and packed with UPX. It drops the downloader component (described below) in the System32 directory under a random name such as FFFFFFFFFF.exe or wwwwwwwwww.exe and executes it.

The downloader component is 13824 bytes in size. Upon execution it shows a fake error message with the text "Unknown error", intended to mislead the user into believing that the executable did not run. It then waits until an Internet connection is available, downloads an executable from a predefined URL and executes it. The download is performed with Winsock functions, so it fails if the computer has to go through a predefined proxy server to access the Internet.
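The two file traits given above (the naming pattern and the 13824-byte size) can be turned into a quick triage of a System32 listing. The following is an added example, not part of the original BitDefender description; the "one character repeated ten times" rule is an assumption generalised from the two sample names, and the function names and sample listing are constructed for illustration.

```python
import os
import re

DOWNLOADER_SIZE = 13824  # bytes, from the description above
# Assumption: the two sample names are generalised to "one letter or digit
# repeated ten times"; the description only says "a random name like ...".
REPEATED_NAME = re.compile(r"([0-9a-z])\1{9}\.exe")

def score(name, size):
    """Return 'high', 'medium', 'low' or None for one file name and size."""
    name_hit = REPEATED_NAME.fullmatch(name.lower()) is not None
    size_hit = size == DOWNLOADER_SIZE
    if name_hit and size_hit:
        return "high"      # both traits of the dropped downloader
    if name_hit:
        return "medium"    # name only (assumed: other builds may differ in size)
    if size_hit and name.lower().endswith(".exe"):
        return "low"       # size alone is a weak signal
    return None

def triage(entries):
    """Score (name, size) pairs and return the hits, strongest first."""
    order = {"high": 0, "medium": 1, "low": 2}
    hits = [(score(n, s), n, s) for n, s in entries]
    hits = [h for h in hits if h[0] is not None]
    return sorted(hits, key=lambda h: (order[h[0]], h[1].lower()))

def list_dir(path):
    """Yield (name, size) for regular files in path, skipping unreadable ones."""
    with os.scandir(path) as it:
        for entry in it:
            try:
                if entry.is_file(follow_symlinks=False):
                    yield entry.name, entry.stat(follow_symlinks=False).st_size
            except OSError:
                continue

# Constructed sample listing (not real telemetry).
SAMPLE = [("notepad.exe", 193536), ("wwwwwwwwww.exe", 13824), ("FFFFFFFFFF.exe", 20480),
          ("helper.exe", 13824), ("aaaaaaaaaa.dll", 13824)]

if __name__ == "__main__":
    system32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    source = list_dir(system32) if os.path.isdir(system32) else SAMPLE
    for level, name, size in triage(source):
        print(f"{level:6} {name} ({size} bytes)")
```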

Last update 21 November 2011

 
