Worm/Braban.H - Worm

See also

Full description

Virus:	Worm/Braban.H
Date discovered:	04/09/2006
Type:	Worm
In the wild:	Yes
Reported Infections:	Low to medium
Distribution Potential:	Medium
Damage Potential:	Medium
Static file:	Yes
File size:	20.480 Bytes
MD5 checksum:	05aee6f98b1a92833dc0c56c833c3e54
VDF version:	6.35.01.177
IVDF version:	6.35.01.181

General Aliases:
   • Kaspersky: IM-Worm.Win32.Braban.h
   • F-Secure: IM-Worm.Win32.Braban.h
   • Bitdefender: Win32.Worm.Braban.B

Platforms / OS:
   • Windows 98 SE
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Third party control

Files It copies itself to the following location:
• %PROGRAM FILES%\MSN Messenger\msnmsgr.exe

It renames the following file:

• %PROGRAM FILES%\MSN Messenger\msnmsgr.exe into %PROGRAM FILES%\MSN Messenger\msnm.exe

Backdoor Contact server:
The following:
   • http://go.links**********

Once connected it will retrieve an additional list of servers.
As a result remote control capability is provided. This is done via the HTTP GET request on a PHP script.

Remote control capabilities:
    • Download file
    • Visit a website

File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packers:
• Morphine
• UPX

See a brief description here.

Inserted by Andrei Ivanes on Tue, 05 Sep 2006 08:51 (GMT+1)
Updated by Andrei Ivanes on Thu, 07 Sep 2006 10:43 (GMT+1)

« Back

Worm/Braban.H - Worm

Latest News