| Bagle.AG is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Bagle.AG is compressed using the executable packer and its file size is 21,547 bytes. Bagle.AG drops the following files on the hard drive: |
It also changes Windows registry:
- C:\WINDOWS\system32\sys_xp.exe (21547 bytes)
- C:\WINDOWS\system32\sys_xp.exeopen (21547 bytes)
- C:\MYSHAR~1\Microsoft Office 2003 Crack, Working!.exe (21547 bytes)
It creates the following mutex to ensure only one instance is running: MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D.
- Creates value "key"="C:\WINDOWS\system32\sys_xp.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
DIt also attempts to acquire the "SeDebugPrivilege" privileges, is executed every time Windows starts.
. _-oOaxX|- S - k - y - N - e - t -|XxKOo-_. [SkyNet.cz]SystemsMutex. AdmSkynetJklS003. ____--->>>>U<<<<--____. _-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_.