Madang.A is a virus that infects all Windows executable and screensaver files found on the compromised machine. It can spread through network shares and removable drives. It injects its code into legitimate processes to download and execute additional malicious files. It can also terminate specific antivirus applications.

File Related Changes
It drops the following file(s) on the system:
  • "c:\Windows\System32\Serverx.exe"

Process Related Changes
It creates the following mutex(es):
  • "Angry Angel v3.0"

It injects malicious code into the following process(es):
  • "C:\Windows\system32\WerFault.exe"

Registry Related Changes
It makes the following registry modifications to ensure infection after system reboot:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\serverx = C:\Windows\system32\Serverx.exe
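
A host triage check for the three indicators listed above (dropped file, mutex, Run value), added here as an example and not part of the original description. The function and variable names are illustrative, and because the description does not state the mutex namespace, the script assumes it may be in either Global\ or Local\.

```powershell
# Indicator values are taken from the description above.
$FilePath  = 'C:\Windows\System32\Serverx.exe'
$RunKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunValue  = 'serverx'
$MutexName = 'Angry Angel v3.0'

function Test-NamedMutex {
    param([string]$Name)
    # Assumption: namespace is not documented, so both are tried.
    # Local\ is per logon session, so run this in the affected user's session.
    foreach ($prefix in 'Global\', 'Local\') {
        $m = $null
        try {
            if ([System.Threading.Mutex]::TryOpenExisting($prefix + $Name, [ref]$m)) {
                $m.Dispose()
                return $true
            }
        } catch [System.UnauthorizedAccessException] {
            # The mutex exists but belongs to another security context.
            return $true
        }
    }
    return $false
}

# HKCU is per user: this reads the Run key of the account running the script.
$run     = Get-ItemProperty -Path $RunKey -Name $RunValue -ErrorAction SilentlyContinue
$runData = if ($run) { $run.$RunValue } else { $null }

# Use 64-bit PowerShell on 64-bit Windows; a 32-bit host redirects
# System32 to SysWOW64 and would miss the file.
$filePresent = Test-Path -LiteralPath $FilePath -PathType Leaf
$fileHash    = if ($filePresent) {
    (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash
} else { $null }

[pscustomobject]@{
    DroppedFilePresent  = $filePresent
    DroppedFileSha256   = $fileHash
    RunValueData        = $runData
    RunValueMatchesDrop = [bool]($runData -and ($runData -eq $FilePath))
    MutexPresent        = Test-NamedMutex -Name $MutexName
}
```

A clean result from these checks does not clear the host: the virus infects other executable and screensaver files, which remain infected even if Serverx.exe and the Run value have been removed.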

Relevant Information