VanBot.AX_14 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. VanBot.AX_14 is compressed using the Embedded_I#19735 executable packer and its file size is 218,624 bytes. It uses the network connection: - Connects to "mx1.hotmail.com" on port 25 (TCP).
- Connects SMTP server.
VanBot.AX_14 drops the following files on the hard drive: - C:\WINDOWS\TEMP\~DF2436.tmp (41192 bytes)
- C:\WINDOWS\TEMP\~DF5050.tmp (41192 bytes)
It creates the following mutex to ensure only one instance is running: 00:09:02:156312722. It also attempts to acquire the "SeDebugPrivilege" privileges, monitors the list of running processes.
|
