SonicALERT

Sonicwall Signatures

 



  Doomjuice.A
Doomjuice.A is a worm. Worms spread from computer to computer, making copies of themselves over the network. They can spread over email, IM, peer-to-peer networks, or directly over the wire by exploiting vulnerabilities. Doomjuice.A is compressed with the UPX executable packer, and its file size is 36,864 bytes. It performs the following network activity:
  • Looks for an Internet connection.
  • Connects to "17.192.170.1" on port 3127 (TCP).

Doomjuice.A drops the following files on the hard drive:

  • C:\WINDOWS\SYSTEM32\intrenat.exe (36864 bytes)
  • C:\sync-src-1.00.tbz (28569 bytes)
  • N:\sync-src-1.00.tbz (28569 bytes)
  • C:\WINDOWS\sync-src-1.00.tbz (28569 bytes)
  • C:\WINDOWS\SYSTEM32\sync-src-1.00.tbz (28569 bytes)
  • C:\WINDOWS\TEMP\sync-src-1.00.tbz (28569 bytes)
  • C:\DOCUME~1\SANDBOX\sync-src-1.00.tbz (28569 bytes)
It also changes the Windows registry:
  • Creates value "Gremlin"="C:\WINDOWS\SYSTEM32\intrenat.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure that only one instance is running: sync-Z-mtx_133. It also uses a common backdoor to infect remote systems and is executed every time Windows starts.

