Worm:Win32/Ramnit.A
First posted on 18 August 2010.
Source: SecurityHome
Aliases :
Worm:Win32/Ramnit.A is also known as Packed.Win32.Krap.hm (Kaspersky), Trojan horse SHeur3.ANKJ (AVG), TR/Crypt.ZPACK.Gen (Avira), Win32/Ramnit.A (CA), Packed.Win32.Krap (Ikarus), Trj/Krap.Y (Panda), Mal/Zbot-U (Sophos), Trojan.Win32.Generic!BT (Sunbelt Software).
Explanation :
Worm:Win32/Ramnit.A is a worm that is dropped by a Virus:Win32/Ramnit.A-infected executable.
Installation
When executed, Worm:Win32/Ramnit.A copies itself to %program_files%\microsoft\desktoplayer.exe. Worm:Win32/Ramnit.A also creates a mutex named "KyUffThOkYwRRtgPP".

Payload
Injects code
Worm:Win32/Ramnit.A launches the default web browser and injects code into it. The injected code may be detected as Virus:Win32/Ramnit.A!dll, which contains the file infection functionality. See the description for Virus:Win32/Ramnit.A!dll for more details on the injected code.
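The installation path and the browser launch described above can be checked in process-creation telemetry. The following is an added example, not part of the original entry: it triages constructed, simplified events with assumed `Image` and `ParentImage` fields, and the Program Files directory names and the browser list are assumptions.

```python
import ntpath
import re

# Install location stated in the entry: %program_files%\microsoft\desktoplayer.exe
DROP_SUFFIX = r"\microsoft\desktoplayer.exe"

# Assumption: %program_files% resolves to one of these directory names on any drive.
PROGRAM_FILES = re.compile(r"^[a-z]:\\program files( \(x86\))?$")

# Assumption: a short, non-exhaustive list of browser image names.
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "opera.exe"}


def is_dropped_copy(path):
    """True if path is <Program Files>\\microsoft\\desktoplayer.exe, ignoring case."""
    p = ntpath.normpath(path or "").lower()
    if not p.endswith(DROP_SUFFIX):
        return False
    return bool(PROGRAM_FILES.match(p[: -len(DROP_SUFFIX)]))


def triage(events):
    """Return (index, reason) for each process-creation event that matches the entry."""
    hits = []
    for i, ev in enumerate(events):
        image, parent = ev.get("Image", ""), ev.get("ParentImage", "")
        if is_dropped_copy(image):
            hits.append((i, "dropped copy executed"))
        # The entry says the worm launches the default browser before injecting.
        if is_dropped_copy(parent) and ntpath.basename(image).lower() in BROWSERS:
            hits.append((i, "browser launched by dropped copy"))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE = [
    {"Image": r"C:\Program Files\Microsoft\DesktopLayer.exe",
     "ParentImage": r"C:\Users\a\Downloads\setup.exe"},
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Program Files\Microsoft\DesktopLayer.exe"},
    {"Image": r"C:\Program Files (x86)\Microsoft\Office\desktoplayer.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE):
        print(idx, reason, SAMPLE[idx]["Image"])
```

The mutex name does not appear in process-creation events, so it needs a separate handle or memory check on the host.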
Analysis by Chun Feng
Last update 18 August 2010