Patched.GT_2 is a worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Patched.GT_2 is compressed using the executable packer and its file size is 32,256 bytes.

Patched.GT_2 drops the following files on the hard drive:
- C:\WINDOWS\system\svchost.exe (32256 bytes)

It also changes the Windows registry:
- Creates key "HKLM\Software\Microsoft\Windows".
- Sets value "Kaspersky"="C:\sample.exe" in key "HKLM\Software\Microsoft\Windows".
- Creates key "HKLM\System\CurrentControlSet\Services\SVCHOSTS32".
- Sets value "ImagePath"=""C:\WINDOWS\system\svchost.exe"" in key "HKLM\System\CurrentControlSet\Services\SVCHOSTS32".
- Sets value "DisplayName"="Windows Host Services " in key "HKLM\System\CurrentControlSet\Services\SVCHOSTS32".

Patched.GT_2 configures the following services on NT-based machines:
- Creates service "SVCHOSTS32 (Windows Host Services )" as ""C:\WINDOWS\system\svchost.exe"".

It creates the following mutex to ensure only one instance is running: xsjuDhd7jxbu.