Lumension® Endpoint Intelligence Center


Overview

Threat Risk: MEDIUM
Destructivity: Unknown
Payload:
Detection files published: 09 Nov 2009 03:00:00
Description created: 09 Dec 2009 03:34:00
Description updated: 09 Dec 2009 03:34:00
Malware type: TROJAN
Aliases:
TrojanDownloader:Win32/Cutwail.AR
Cutwail.gen.d
Trojan-Downloader:W32/Cutwail.gen!A
Mal/Pushdo-F
Spreading mechanism:
Summary

W32/Pandex

Spreading

On execution, it injects code into other system processes, for example 'svchost.exe'. The injected code tries to connect to a specific IP address on port 80 to report the infection and to retrieve download commands from the remote server.
It creates the following mutexes to mark its presence:
0128301283091283012830128301801283123812038012381029830128310283
Ajsdoasjdoasjdasoidjaosdjoasjdaosijdsad

Payload Details

n/a

Analysis

[Detection Info]
* Filename: C:\DocumentsandSettings\norman\Desktop\b85a2ea9db6bf7a20e9d313db9ff488e.exe
* Sandbox name: .
* Signature name: NOT_SCANNED.
* Compressed: NO.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* File type: PE_I386.

[General information]
* File length: 22626 bytes.
* MD5 hash: b85a2ea9db6bf7a20e9d313db9ff488e

[Network services]
* Opens URL: http://[Removed]
* Connects to "[Removed]" on port 80 (TCP).

[Process/window information]
* Creates a Mutex: 0128301283091283012830128301801283123812038012381029830128310283
* Creates a Mutex: ajsdoasjdoasjdasoidjaosdjoasjdaosijdsad

Removal

n/a
Last Updated: 12 Nov 2015 11:06:14