Simple analysis of the Trojan Worm.Win32.Agent.IMH planted on the literature forum
Endurer original
Version 1
I failed to download the Trojan from the literature forum yesterday. I tried again and finally downloaded it.
ga.exe is packed with UPX.
Before unpacking:
File Description: D:/test/ga.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 16933 bytes, 16.549 KB
MD5: 72525ccb22d2fa50c67729a0cd4af3ce
After unpacking:
File Description: D:/test/ga_org.exe
Attribute: ---
An error occurred while obtaining the file version information!
Creation Time:
Modification time:
Access time:
Size: 22053 bytes, 21.549 KB
MD5: 1a8d608a5a0a873f8efa1cdaa7c624f8
When run, it copies itself to /program files/Internet Explorer/plugins/ under the file names newtemp.BKK and newtemp.dll.
It modifies the registry to register itself under ShellExecuteHooks; the CLSID is {0ea66ad2-cf26-2e23-532b-b292e22f3266}.
Kaspersky reports it as Trojan-PSW.Win32.Delf.wh; Rising reports it as Worm.Win32.Agent.IMH.
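An added example, not part of the original post: an offline check of a registry export for the ShellExecuteHooks registration described above. The sample export is constructed, and the link from the CLSID to newtemp.dll through InprocServer32 is an assumption, since the post does not say which file the CLSID loads.

```python
import re

# Constructed .reg export text (not taken from an infected host).
# Assumption: the hook CLSID from the write-up resolves to newtemp.dll.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11111111-2222-3333-4444-555555555555}"=""
"{0ea66ad2-cf26-2e23-532b-b292e22f3266}"=""

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\shell32.dll"

[HKEY_CLASSES_ROOT\CLSID\{0ea66ad2-cf26-2e23-532b-b292e22f3266}\InprocServer32]
@="C:\\Program Files\\Internet Explorer\\plugins\\newtemp.dll"
'''

HOOKS_KEY = r"software\microsoft\windows\currentversion\explorer\shellexecutehooks"
KNOWN_BAD_CLSID = "{0ea66ad2-cf26-2e23-532b-b292e22f3266}"  # from the write-up
SUSPECT_DIR = "\\internet explorer\\plugins\\"               # drop directory
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')               # string values only

def parse_reg(text):
    """Return {lowercased key path: {value name: data}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # .reg files double every backslash inside string data
            current[m.group(1).strip('"')] = m.group(2).replace("\\\\", "\\")
    return keys

def audit_hooks(text):
    """List (clsid, dll, reasons) for each registered hook that looks suspicious."""
    keys, findings = parse_reg(text), []
    hooks = next((v for k, v in keys.items() if k.endswith(HOOKS_KEY)), {})
    for clsid in hooks:
        suffix = "clsid\\" + clsid.lower() + "\\inprocserver32"
        dll = next((v for k, v in keys.items() if k.endswith(suffix)), {}).get("@", "")
        reasons = []
        if clsid.lower() == KNOWN_BAD_CLSID:
            reasons.append("CLSID named in the analysis")
        if SUSPECT_DIR in dll.lower():
            reasons.append("DLL in IE plugins directory")
        if reasons:
            findings.append((clsid, dll, reasons))
    return findings
```

Files written by regedit in the Version 5.00 format are UTF-16 encoded, so decode them to text before passing them to `audit_hooks`.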