| Dumaru.A is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Dumaru.A is compressed using the executable packer and its file size is 9,294 bytes. It uses the network connection:|
- Connects to "egold-hosting.com" on port 6667 (IP).
- Connects to IRC server.
Dumaru.A drops the following files on the hard drive:
It also changes Windows registry:
- C:\WINDOWS\system32\load32.exe (9294 bytes)
- C:\WINDOWS\dllreg.exe (9294 bytes)
- C:\WINDOWS\system32\vxdmgr32.exe (9294 bytes)
- C:\WINDOWS\windrv.exe (8192 bytes)
Dumaru.A makes the following additional changes to the infected computer:
- Creates value "load32"="C:\WINDOWS\system32\load32.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It also is executed every time Windows starts.
- Modifies profile key "run"="C:\WINDOWS\dllreg.exe" in section [windows] of file win.ini.
- Modifies profile key "shell"="explorer.exe C:\WINDOWS\system32\vxdmgr32.exe" in section [boot] of file system.ini.