Home / malware Tool:Win32/Angryscan.A
First posted on 01 May 2009.
Source: SecurityHomeAliases :
Tool:Win32/Angryscan.A is also known as Also Known As:not-a-virus:NetTool.Win32.Portscan.c (Kaspersk, Win32/NetTool.Portscan.C (ESET), PortScan-Angry (McAfee).
Explanation :
Tool:Win32/Angryscan.A is a tool used to 'sniff' for or gather information sent over a network by a specific IP address range.
Symptoms
System ChangesThe following system changes may indicate the presence of Tool:Win32/Angryscan.A:The presence of the following files:
<system folder>file1
%windir%file2The presence of the following registry subkeys:
HKCUSoftwareAngryziber
HKCUSoftwareAngryziberipscanThe display of the following user interface:
Tool:Win32/Angryscan.A is a tool used to 'sniff' for or gather information sent over a network by a specific IP address range.
Installation
When installed, Tool:Win32/Angryscan.A creates the following registry keys:
HKCUSoftwareAngryziber
HKCUSoftwareAngryziberipscan The tool has the following user interface:
Payload
Tool:Win32/Angryscan.A is capable of sniffing the following information from a user-supplied IP range: hostname
computer name
domain name
group name
IP address
MAC address
NETBIOS info
TTL (time-to-live)
open ports (for example, whether the ports for FTP, HTTP, HTTPS, SMTP, POP3 are open)
Analysis by Tim LiuLast update 01 May 2009
