Win32.Mimail.P@mm
First posted on 21 November 2011.
Source: BitDefender
Aliases:
Win32.Mimail.P@mm is also known as I-Worm.Mimail.u (Kaspersky).
Explanation:
When run, the worm does the following:
Copies itself to Windows System directory as SMVC32.EXE.
Creates the following registry keys:
- HKLM\Software\Microsoft\CurrentVersion\Run\SMVC = %SYSDIR%\SMVC32.EXE, so it will be executed every time Windows starts up;
- HKCU\Software\socks;
- HKCU\Software\serv;
- HKCU\Software\chan;
Connects to a predefined IRC server and listens for commands (such as "execute", "shutdown" etc.).
Harvests e-mail addresses from the infected computer, stores them in the "c:\cyclop.bin" file and periodically sends them to the attacker through e-mail.
Last update 21 November 2011