
Win32.Worm.Ice.A


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Win32.Worm.Ice.A is also known as Virus.Win32.Drowor.A, Trj/QQpass.PL, W32.Jacksuf.A, W32/Cekar, Worm.Delf.bg, W32/Trojan.AATR.

Explanation:

This is a mixed threat, composed of:

- a file-infector component, which increases the size of executables by ~30K
- a downloader, which downloads and executes a file from a given URL (the URL seems to be inactive for the moment)

Upon execution of an infected file, it drops the payload in the %WINDOWS%systeminternat.exe file. This in turn injects code into crss.exe and smss.exe; the injected code performs the infection. Another copy of the malware is dropped in the root folder with the name "setup.exe", and an autorun.inf file is created in the root referencing the "setup.exe" executable to ensure its start-up.
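A triage check for the autorun.inf / "setup.exe" pairing described above, as an added example (not BitDefender's code). It parses the text of an autorun.inf and reports whether a launch entry points at setup.exe in the drive root; the function names and the two sample files are constructed for illustration.

```python
import ntpath

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
DROPPED_NAME = "setup.exe"              # file name from the description above


def autorun_targets(text):
    """Return (key, value) pairs in [autorun] that launch a program."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other section, or junk padding line
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, value))
    return targets


def program_of(value):
    """Extract the program path from a launch value, dropping arguments."""
    if value.startswith('"'):
        return value.split('"')[1]
    return value.split()[0] if value else ""


def references_root_file(text, name=DROPPED_NAME):
    """True if a launch entry points at `name` located in the drive root."""
    for _key, value in autorun_targets(text):
        program = program_of(value)
        folder = ntpath.dirname(ntpath.splitdrive(program)[1]).strip("\\/.")
        if ntpath.basename(program).lower() == name and folder == "":
            return True
    return False


# Constructed samples, not taken from a real infection.
SUSPECT = "[AutoRun]\r\nxk3=junk\r\nopen=setup.exe\r\nshell\\open\\Command=setup.exe\r\n"
BENIGN = "[autorun]\nicon=disk.ico\nopen=tools\\setup.exe /quiet\n"

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, references_root_file(sample), autorun_targets(sample))
```

Legitimate installation media also use an autorun.inf that opens setup.exe, so a match is a lead for further inspection of the referenced file, not a verdict.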

Last update 21 November 2011

 
