SonicALERT

Sonicwall Signatures

 



  Conficker.Y_2
Conficker.Y_2 is a worm. Worms are self-replicating malicious programs that run independently and travel across network connections without human action. They can spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. The threat a worm poses lies in its ability to replicate itself on a system, so that the infected computer can send out hundreds or thousands of copies.

Mutexes created
  • Nothing to report


Directory level activity
  • Nothing to report


File level activity
  • Nothing to report


Registry level activity
  • write - registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0932c062-299c-11e2-afd8-806d6172696f}\BaseClass
  • write - registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0932c060-299c-11e2-afd8-806d6172696f}\BaseClass


Library level activity
  • load - library - Kernel32
  • load - library - comctl32.dll
  • load - library - SHELL32.dll
  • load - library - ole32.dll
  • load - library - OLE32.DLL
  • load - library - C:\WINDOWS\system32\SHELL32.dll
  • load - library - SETUPAPI.dll
  • load - library - USER32
  • load - library - Kernel32


Process API calls used
  • NtCreateSection
  • ZwMapViewOfSection


Registry API calls used
  • Nothing to report


System API calls used
  • Nothing to report


Filesystem API calls used
  • NtOpenFile
  • NtOpenFile

DLL related data
Number of DLLs imported = 7
  • KERNEL32.dll
  • USER32.dll
  • ADVAPI32.dll
  • MSVCRT.dll
  • GDI32.dll
  • ole32.dll
  • SHELL32.dll

Domains:
  • NA

DNS Request:
  • NA

HTTP Request:
  • NA

Network

UDP source >> destination
  • 192.168.30.2 >> 192.168.30.255
  • 192.168.30.254 >> 192.168.30.2


TCP source >> destination
  • 192.168.30.2 >> 192.168.30.254


VirusTotal
  • VirusTotal data is not available


Relevant Information