SonicALERT

Sonicwall Signatures

 



  Dumaru.A
Dumaru.A is a worm. Worms spread from computer to computer, copying themselves over the network. They can spread over email, IM, peer-to-peer networks, or directly over the wire by exploiting vulnerabilities. Dumaru.A is compressed with an executable packer and its file size is 9,294 bytes. It makes the following network connections:
  • Connects to "egold-hosting.com" on port 6667 (IP).
  • Connects to IRC server.

Dumaru.A drops the following files on the hard drive:

  • C:\WINDOWS\system32\load32.exe (9294 bytes)
  • C:\WINDOWS\dllreg.exe (9294 bytes)
  • C:\WINDOWS\system32\vxdmgr32.exe (9294 bytes)
  • C:\WINDOWS\windrv.exe (8192 bytes)
It also changes the Windows registry:
  • Creates value "load32"="C:\WINDOWS\system32\load32.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
Dumaru.A makes the following additional changes to the infected computer:
  • Modifies profile key "run"="C:\WINDOWS\dllreg.exe" in section [windows] of file win.ini.
  • Modifies profile key "shell"="explorer.exe C:\WINDOWS\system32\vxdmgr32.exe" in section [boot] of file system.ini.
It is also executed every time Windows starts.

