Lumension® Endpoint Intelligence Center


Overview

Threat Risk LOW
Destructivity NONE
Payload
Detection files published
Description created 31 Aug 2004 01:54:00
Description updated 13 Sep 2004 01:54:00
Malware type WORM
Alias
Spreading mechanism OTHER
Summary None

W32/Bagle.AK

Spreading

n/a

Payload Details

n/a

Analysis

foto1.exe : [SANDBOX] contains a security risk - W32/Malware

[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: analysis@lumension.com - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* File length: 12800 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\doriot.exe.
* Creates file C:\WINDOWS\SYSTEM\gdqfw.exe.
* Deletes file C:\WINDOWS\_re_file.exe.

[ Changes to registry ]
* Creates value "wersds.exe"="C:\WINDOWS\SYSTEM\doriot.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "wersds.exe"="C:\WINDOWS\SYSTEM\doriot.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
* Enumerates running processes several parses....

Removal

This malware was proactively detected by Lumension's Sandbox.


Last Updated: 12 Nov 2015 11:06:11