
Win32.HLLP.Hanta.A


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Win32.HLLP.Hanta.A is also known as W32/HLLP.Hantaner.A, W32.HLLP.Handy, Win32/HLLP.Hantaner, Win32.HLLP.Hantaner, W32/EnerKaz.

Explanation:

This is a harmless executable prepender; the virus itself is a portable executable file of about 24K. The virus is written in Borland Delphi and is compressed with the UPX utility.

The virus spreads through the Kazaa network by infecting the victim's shared files. When run, it reads from the registry the download folders of the popular file-sharing utility Kazaa. It then infects all files with the .exe extension in the current directory, in the Kazaa shared folder and in the current Internet Explorer download folder.

Infection is done by shifting the original body and then writing the virus's own body in the remaining space. When an infected file is executed, the virus creates a temporary file, writes the original file to it and then executes that file.
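The layout described above (virus image first, original program after it) can be checked for statically. The following is an added example, not part of the BitDefender description: it assumes the host is stored unmodified immediately after the first image, which the description does not confirm, and the function names and sample bytes are constructed for illustration.

```python
import struct

def pe_disk_end(data, base=0):
    """File offset where the PE image starting at `base` ends on disk
    (end of the last section's raw data), or None if it is not a PE."""
    if data[base:base + 2] != b"MZ" or len(data) < base + 0x40:
        return None
    pe = base + struct.unpack_from("<I", data, base + 0x3C)[0]   # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return None
    # NumberOfSections and SizeOfOptionalHeader from the COFF header
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size                                   # section table
    if len(data) < table + 40 * nsec:
        return None
    end = table + 40 * nsec
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:                       # sections with no raw data are skipped
            end = max(end, base + raw_ptr + raw_size)
    return end

def find_prepended_host(data):
    """Offset of a second, complete PE stored right after the first image
    (the prepender layout), or None if the file does not look like that."""
    end = pe_disk_end(data)
    if end is None or end >= len(data):
        return None                        # not a PE, or nothing after the image
    host_end = pe_disk_end(data, end)      # host offsets are relative to `end`
    if host_end is None or host_end > len(data):
        return None                        # overlay is not a complete PE
    return end

def make_pe(payload):
    """Constructed sample: minimal one-section PE wrapping `payload`."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xHH", hdr, 0x44, 0x14C, 1, 0xE0, 0x102)
    struct.pack_into("<8sIIII", hdr, 0x40 + 24 + 0xE0,
                     b".text", len(payload), 0x1000, len(payload), 0x200)
    return bytes(hdr) + payload

# Constructed stand-ins, not real samples: "virus" image followed by the host.
HOST = make_pe(b"H" * 0x400)
INFECTED = make_pe(b"V" * 0x600) + HOST
```

Slicing the file at the returned offset yields the original program, which mirrors what the virus itself writes to its temporary file. Legitimate installers and self-extractors can also carry a PE in their overlay, so a hit marks a file for inspection rather than confirming infection.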

The virus does not have any payload.

Last update 21 November 2011
