
Virus:Win32/Magistr.B@mm


First posted on 30 July 2019.
Source: Microsoft

Aliases :

Virus:Win32/Magistr.B@mm is also known as Win32/Magistr.B, Win32/Magistr.B, Win32.Magistr.B@mm, W32.Magistr.B, Win32/Magistr.29188, Email-Worm.Win32.Magistr.b, W32/Magistr.b@MM, W32/Magistr.b@MM, W32/Magistr.B, W32/Magistr-B, W32.Magistr.39921@mm, PE_Magistr.B, I-Worm.Magistr.B.

Explanation :

Virus:Win32/Magistr.B@mm is a minor variant of Win32/Magistr.A, a virus that infects both local files and files across a network. This virus may also spread via e-mail.

Win32/Magistr.B may search more file folders on a system during its infection routine, resulting in a higher prevalence or infection count on an infected computer, including networked computers.

Installation

When this virus is run, it may inject its code into the running Windows Explorer process. It may modify the registry to execute a copy of the virus at each Windows start from the "RunOnce" registry subkey. In addition, in certain Windows versions, the virus may modify the Windows configuration files SYSTEM.INI and WIN.INI to execute a copy of the virus at Windows start.

Win32/Magistr.B may drop a configuration data file with a file extension of .DAT that contains the date of infection among other data. The name of the dropped file is based on the name of the infected computer.

Spreads Via…

File Infection

When running in memory, this virus infects all files with extensions .EXE and .SCR that it can find on the local machine, or on any networked or removable drives. Upon infection, the virus appends its polymorphic code to the last PE section of the host file. There is a short delay between infections.

E-mail

Win32/Magistr.B attempts to send itself as an attachment in e-mail messages sent to contacts found in the applications Microsoft Outlook, Outlook Express or Netscape Messenger. The virus scans for e-mail addresses in files with extensions .DBX, .MBX and .WAB. Win32/Magistr.B also uses a short list of e-mail addresses as a blacklist so that it avoids sending e-mail messages to accounts with similar addresses.

The virus also scans the content of existing data files with the extensions .TXT, .DOC and .JS, then constructs e-mail messages using selected parts of those files. The virus adds a copy of itself as an attachment, then sends the message to a potential target using MAPI.

Payload

Windows 98/Me Specific

Virus:Win32/Magistr.A@mm has a few payloads that target Windows 98/Me computers 30 days after the date of infection. Payloads could include the following:

- execution of an exploit to gain Ring 0 (Kernel mode) access
- corruption of sectors within the local hard disk
- corruption of data stored in flash memory
- display of offensive messages to the user

Debugger Detection

This virus may respond differently on computers running debugging utilities, or within a debugging environment such as a virtual machine. It is coded to detect user and kernel mode debuggers.

Analysis by Josh Phillips
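The File Infection description above says the virus appends its code to the last PE section of .EXE and .SCR files. As an added example (not part of the original write-up and not a Magistr.B signature), the Python sketch below parses PE headers and flags two generic traits that appended code can leave: a last section that is both writable and executable, and an entry point inside the last section. Both heuristics are assumptions that packers can also trigger, and the two header-only images and the name `build_sample` are constructed for the demo.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* characteristics

def parse_pe(data):
    """Return (entry_point_rva, [(name, vaddr, vsize, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsect, opt_size = (struct.unpack_from("<H", data, pe + o)[0] for o in (6, 20))
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]  # AddressOfEntryPoint
    table = pe + 24 + opt_size                               # first section header
    sections = []
    for off in range(table, table + 40 * nsect, 40):
        name, vsize, vaddr, flags = struct.unpack_from("<8sII20xI", data, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, flags))
    return entry, sections

def triage_last_section(data):
    """Heuristic (assumption): traits that code appended to the last section may leave."""
    entry, sections = parse_pe(data)
    if not sections:
        return []
    name, vaddr, vsize, flags = sections[-1]
    findings = []
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        findings.append(f"last section {name!r} is writable and executable")
    if vaddr <= entry < vaddr + vsize:
        findings.append(f"entry point 0x{entry:x} is inside last section {name!r}")
    return findings

def build_sample(entry, sections):
    """Constructed header-only PE32 image for the demo; not a real program."""
    out = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    out += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    out += struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    for name, vaddr, vsize, flags in sections:
        out += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, vsize, 0, 0, 0, 0, 0, flags)
    return out

TEXT = (b".text", 0x1000, 0x800, 0x60000020)  # code, execute + read
CLEAN = build_sample(0x1000, [TEXT, (b".rsrc", 0x2000, 0x400, 0x40000040)])
# Constructed contrast: last section grown, made W+X, entry point moved into it
ALTERED = build_sample(0x2400, [TEXT, (b".rsrc", 0x2000, 0x1000, 0xE0000040)])

if __name__ == "__main__":
    print(triage_last_section(CLEAN), triage_last_section(ALTERED))
```

A hit is a reason to compare the file against a known-good copy or submit it for scanning, not a verdict on its own.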

Last update 30 July 2019

 
