
Worm.P2p.Palevo.B


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Worm.P2p.Palevo.B is also known as Rimecud.B, HLLW.Lime, Peerfrag, Pilleuz.

Explanation:

Spreading methods:
Supports P2P networks as a vector: Ares, BearShare, iMesh, Shareaza, Kazaa, DC++, eMule, LimeWire.
Supports MSN Messenger as vector.
Supports infecting USB Media.

Has Mozilla and IE password harvesting capability.

Has TCP/UDP flooding capabilities.

Has Backdoor capability.

The infected executable installs itself by copying itself into the Recycler folder and adding a registry entry so that it is started at boot. It then decrypts code on the stack and injects it into "explorer.exe"; this injected component is the payload.

The injected explorer.exe process holds the mutex i4__s__frgk665fn.
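The three host-side artefacts above (the mutex, the Recycler copy, the startup registry entry) are what a responder would check first on a suspect machine. The following PowerShell triage script is an added example and is not part of the BitDefender write-up: it tries to open the mutex in both the session-local and the Global namespace (the write-up only gives the bare name, so the Global\ variant is an assumption), scans the usual Run keys for commands that point into a Recycler folder, and lists executables dropped under the Recycler directory of every mounted drive, which also covers the USB media the worm infects. The folder names RECYCLER and $Recycle.Bin are the standard Windows names and are assumed here; the write-up only says "Recycler folder". Run it from an elevated PowerShell on the suspect host.

```powershell
# Added example, not code from the original write-up. Checks a host for the
# Worm.P2p.Palevo.B indicators listed above. Assumptions: the mutex may live
# in either the session-local or the Global\ namespace; the Recycler folder is
# RECYCLER (XP) or $Recycle.Bin (Vista and later).

function Test-PalevoMutex {
    param([string]$Name = 'i4__s__frgk665fn')
    $hits = @()
    foreach ($candidate in @($Name, "Global\$Name")) {
        try {
            $m = [System.Threading.Mutex]::OpenExisting($candidate)
            $m.Dispose()
            $hits += $candidate   # mutex exists: explorer.exe is likely already injected
        } catch [System.Threading.WaitHandleCannotBeOpenedException] {
            # no mutex under this name
        } catch [System.UnauthorizedAccessException] {
            # exists but cannot be opened from this context: still a hit
            $hits += "$candidate (access denied)"
        }
    }
    return $hits
}

function Get-SuspiciousRunEntries {
    # Startup entries whose command line points into a Recycler folder.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            if ("$($p.Value)" -match '(?i)\\(recycler|\$recycle\.bin)\\') {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Get-RecyclerExecutables {
    # Executables dropped into a Recycler folder on any fixed or removable drive.
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        foreach ($dir in @('RECYCLER', '$Recycle.Bin')) {
            $path = Join-Path $_.Root $dir
            if (Test-Path $path) {
                Get-ChildItem -Path $path -Recurse -Force -Include *.exe, *.dll, *.scr -ErrorAction SilentlyContinue
            }
        }
    }
}

$mutexHits = Test-PalevoMutex
if ($mutexHits) { "Palevo.B mutex present: $($mutexHits -join ', ')" }
Get-SuspiciousRunEntries | Format-Table -AutoSize
Get-RecyclerExecutables | Select-Object FullName, Length, LastWriteTime
```

A present mutex means the injected payload is already running inside explorer.exe, so the process should be treated as compromised even if the dropped file has since been removed; the Run-key and Recycler checks catch the persistence mechanism on a machine that has not yet rebooted into the infection.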

Last update 21 November 2011
