Home / malware Worm:Win32/Mafusc.A
First posted on 01 April 2014.
Source: MicrosoftAliases :
There are no other names known for Worm:Win32/Mafusc.A.
Explanation :
Threat behavior
Installation
Worm:Win32/Mafusc.A creates the following files on your PC:
- %windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\system.data.datasetextensions.dll
Spreads via€¦
Removable and network drives
Worm:Win32/Mafusc.A can create the following files on targeted drives:
:\explorer.exe :\subst.lnk
It also creates an autorun.inf file in the root folder of the removable drive. The file has instructions to launch the malware automatically when the removable drive is connected to a PC with the Autorun feature turned on.
This is a common way for malware to spread. However, autorun.inf files on their own are not necessarily a sign of infection; they are also used by legitimate programs.
Payload
Contacts remote host
Worm:Win32/Mafusc.A might contact a remote host at synergy-dev.sytes.net using port 80. Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 14b33a94ae44bf76b80b462a984476569ac34cd1.Symptoms
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\system.data.datasetextensions.dllLast update 01 April 2014
