Worm/Koobface.fx - Worm

See also

Full description

Virus:	Worm/Koobface.fx
Date discovered:	07/04/2009
Type:	Worm
In the wild:	Yes
Reported Infections:	Low to medium
Distribution Potential:	Low to medium
Damage Potential:	Low to medium
Static file:	Yes
File size:	13.312 Bytes
MD5 checksum:	8b7008118f06b4f87aa3bbde8196394b
IVDF version:	7.01.03.22

General Aliases:
   • Mcafee: W32/Koobface.worm.gen.g virus
   • Sophos: W32/Koobfa-Gen
   • Panda: W32/Koobface.CW.worm
   • Eset: Win32/Koobface.FX
   • Bitdefender: Trojan.Generic.2191409

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Downloads malicious files
   • Drops malicious files
   • Registry modification

Files It copies itself to the following location:
   • %WINDIR%\ld%number%.exe

It tries to download a file:

– The locations are the following:
   • http://fdns6mar09.info/**********
   • http://ram06032009.biz/**********
   • http://lastshanse26032009.com/**********
   • http://er06032009.biz/**********
   • http://nua06032009.biz/**********
   • http://wnames0603.com/**********
At the time of writing this file was not online for further investigation.

Registry One of the following values is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "sysldtray"="%WINDIR%\ld%number%.exe"

File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

See a brief description here.

Inserted by Petre Galan on Fri, 27 Nov 2009 10:59 (GMT+1)
Updated by Petre Galan on Fri, 27 Nov 2009 11:03 (GMT+1)

« Back

Worm/Koobface.fx - Worm

Latest News