
Win32.Worm.Sasser.D


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.Worm.Sasser.D is also known as WORM_SASSER.D, Win32.HLLW.Jobaka.D.

Explanation :

It works much the same as Win32.Worm.Sasser.{A-C}, except for the following:

* as already shown under symptoms, it uses a different file name and a different string in the start-up registry
* it attempts to import some functions that make its execution on Windows 2000 impossible
* it creates two mutexes, but only one is checked to avoid reinfection, namely SkynetSasserVersionWithPingFast
* it uses a different port for the remote shell, namely 9995

Last update 21 November 2011

 
