Sonicwall Signatures


Go to All Categories list.

Sasser.B is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Sasser.B is compressed using the executable packer and its file size is 86,032 bytes. It uses the network connection:
  • Connects to "" on port 445 (TCP).

Sasser.B drops the following files on the hard drive:

  • C:\WINDOWS\avserve2.exe (86032 bytes)
It also changes Windows registry:
  • Creates value "avserve2.exe"="C:\WINDOWS\avserve2.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: Jobaka3. JumpallsNlsTillt. It also has possible backdoor functionality [unknown] port 5554, attempts to acquire the "SeDebugPrivilege" privileges, monitors the list of running processes, is executed every time Windows starts.

Relevant Information