Virus:Win32/Patchload.Q
First posted on 09 August 2011.
Source: SecurityHome
Aliases :
There are no other names known for Virus:Win32/Patchload.Q.
Explanation :
Virus:Win32/Patchload.Q is a DLL system file that has been modified by a variant of PWS:Win32/OnLineGames to run other files that may also be malware, such as other variants of PWS:Win32/OnLineGames.
Installation
Virus:Win32/Patchload.Q is present as code appended to the last PE section of an affected file. When an application that depends on the affected DLL calls it, Virus:Win32/Patchload.Q runs its payload.
Payload
Loads arbitrary files
When Virus:Win32/Patchload.Q executes, it attempts to load other files by specific file names that are hard-coded in the malware. In the wild, this malware has been observed loading files with the following names:
- win32.dll
- nt32.dll
These file names have been associated with other malware, including PWS:Win32/OnLineGames.KQ and PWS:Win32/OnLineGames.ZDV!dll.
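A triage check for the two traits described above (code in the last PE section, and the hard-coded names win32.dll and nt32.dll), added here as an example and not taken from the original analysis. It assumes the appended code is reached by making the last section executable or by moving the entry point into it, and that the names are stored as plain ASCII; the write-up states neither, and `build_sample` produces a constructed image, not a real sample.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
LOADED_NAMES = (b"win32.dll", b"nt32.dll")  # file names listed on this page

def parse_pe(data):
    """Return (entry point RVA, section header tuples) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    count, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)
    table = pe + 24 + opt_size
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
    return entry, [struct.unpack_from("<8sIIII12xI", data, table + 40 * i)
                   for i in range(count)]

def triage(data):
    """Heuristic findings that fit code appended to the last section."""
    entry, sections = parse_pe(data)
    if not sections:
        return []
    _, vsize, vaddr, rsize, roff, flags = sections[-1]
    findings = []
    if flags & IMAGE_SCN_MEM_EXECUTE:  # .reloc/.rsrc are normally not executable
        findings.append("last section is executable")
    if vaddr <= entry < vaddr + max(vsize, rsize):
        findings.append("entry point is in last section")
    tail = data[roff:roff + rsize]  # assumption: names stored as plain ASCII
    return findings + ["references " + n.decode() for n in LOADED_NAMES if n in tail]

def build_sample(patched):
    """Constructed two-section image (.text, .reloc); not a real sample."""
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<4sHH12xHH", hdr, 0x40, b"PE\0\0", 0x14C, 2, 0xE0, 0x2102)
    struct.pack_into("<H14xI", hdr, 0x58, 0x10B, 0x2000 if patched else 0x1000)
    reloc_flags = 0xE2000040 if patched else 0x42000040
    struct.pack_into("<8sIIII12xI", hdr, 0x138, b".text", 0x200, 0x1000, 0x200, 0x400, 0x60000020)
    struct.pack_into("<8sIIII12xI", hdr, 0x160, b".reloc", 0x200, 0x2000, 0x200, 0x600, reloc_flags)
    tail = (b"\xCC" * 16 + b"win32.dll\0") if patched else b""  # placeholder bytes
    return bytes(hdr) + bytes(0x200) + tail.ljust(0x200, b"\0")

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "clean", triage(build_sample(patched)))
```

A hit from these heuristics is a reason to compare the DLL against a known-good copy, not a verdict; packed or unusual but legitimate binaries can trip the same checks.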
Analysis by Jonathan San Jose
Last update 09 August 2011