
Worm:Win32/Shard.A


First posted on 31 January 2014.
Source: Microsoft

Aliases:

There are no other names known for Worm:Win32/Shard.A.

Explanation:

Threat behavior

Installation

Worm:Win32/Shard.A creates the following files on your PC:

  • c:\documents and settings\administrator\application data\microsoft\windows\task.exe


Spreads via…

Peer-to-peer file sharing


Worm:Win32/Shard.A can spread via Peer-to-Peer (P2P) file sharing by copying itself to the shared folders of some P2P applications. The worm copies itself with a name designed to encourage other users to download and run it.
The following lists have more details about how this worm spreads.

If the following programs are installed:
  • bearshare
  • eMule
  • grokster
  • kazaa
  • shareaza

The malware can copy itself to the following folders:
  • %programfiles%\bearshare\shared\
  • %programfiles%\emule\incoming\
  • %programfiles%\grokster\my grokster\
  • %programfiles%\kazaa lite k++\my shared folder\
  • %programfiles%\kazaa lite\my shared folder\
  • %programfiles%\kazaa\my shared folder\
  • %programfiles%\shareaza\downloads\

Using one of the following file names:
  • adobe-crack.exe
  • applejuice-crack.exe
  • ares-crack.exe
  • bearshare-crack.exe
  • bittorrent-crack.exe
  • bittorrent_dna-crack.exe
  • common files-crack.exe
  • complus applications-crack.exe
  • difx-crack.exe
  • e-crack.exe
  • edonkey2000-crack.exe
  • emule-crack.exe
  • gnucleus-crack.exe
  • grokster-crack.exe
  • gum1.tmp-crack.exe
  • icq-crack.exe
  • internet explorer-crack.exe
  • kazaa lite k++-crack.exe
  • kazaa lite-crack.exe
  • kazaa-crack.exe
  • kmd-crack.exe
  • komoku-crack.exe
  • limewire-crack.exe
  • messenger-crack.exe
  • microsoft activesync-crack.exe
  • microsoft frontpage-crack.exe
  • microsoft office-crack.exe
  • microsoft.net-crack.exe
  • morpheus-crack.exe
  • movie maker-crack.exe
  • mozilla firefox-crack.exe
  • mozilla maintenance service-crack.exe
  • msbuild-crack.exe
  • msn gaming zone-crack.exe
  • msn-crack.exe
  • netmeeting-crack.exe
  • online services-crack.exe
  • outlook express-crack.exe
  • overnet-crack.exe
  • rapigator-crack.exe
  • reference assemblies-crack.exe
  • shareaza-crack.exe
  • swaptor-crack.exe
  • tesla-crack.exe
  • uninstall information-crack.exe
  • windows media player-crack.exe
  • windows nt-crack.exe
  • windowsupdate-crack.exe
  • winmx music-crack.exe
  • winmx-crack.exe
  • xerox-crack.exe
  • xolox-crack.exe


Payload

Contacts remote host

Worm:Win32/Shard.A might contact a remote host at tazbox.zapto.org using port 80. Commonly, malware does this to:
  • Report a new infection to its author
  • Receive configuration or other data
  • Download and run files, including updates or other malware
  • Receive instructions from a remote hacker
  • Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 6597b0f8ece361f399c68558368429b89ea4db29.

Symptoms

System changes

The following could indicate that you have this threat on your PC:

  • You have these files:

    c:\documents and settings\administrator\application data\microsoft\windows\task.exe

Last update 31 January 2014

 
