Sonicwall Signatures



Mydoom.H is a worm. Worms spread from computer to computer, making copies of themselves over the network. They can spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Mydoom.H has a file size of 32,256 bytes. Mydoom.H drops the following files on the hard drive:
  • C:\WINDOWS\SYSTEM32\wrsiku.exe (35443 bytes)
  • C:\WINDOWS\SYSTEM32\rrpfpmg.dll (9837 bytes)
  • C:\WINDOWS\SYSTEM32\wrsiku.exe (32256 bytes)
It also changes the Windows registry:
  • Creates key "HKLM\Software\Microsoft\tppmtmtppptpmppmtm".
  • Creates key "HKCU\Software\Microsoft\tppmtmtppptpmppmtm".
  • Creates key "HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32".
  • Sets value "default"="C:\WINDOWS\SYSTEM32\rrpfpmg.dll" in key "HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32".
  • Sets value "default"="C:\WINDOWS\SYSTEM32\rrpfpmg.dll" in key "HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32".
It also has possible backdoor functionality on port 1080 [3ware], and it is executed every time Windows starts.
