SonicALERT
Sonicwall Signatures

Virut.A_1197
Virut.A_1197 is a polymorphic file infector virus that targets Microsoft Windows operating systems. It is known to infect files with .exe and .scr extensions on local drives, removable media, and network shares. In the sandbox run recorded below it loads a module from the user's Startup folder and deletes the Zone.Identifier alternate data stream of its dropped file before deleting the file itself.

Mutexes created
  • DBWinMutex


Directory level activity
  • Nothing to report


File level activity
  • delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\8c447b0c371a7131cf640bcebef99453.bin:Zone.Identifier
  • delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\8c447b0c371a7131cf640bcebef99453.bin


Registry level activity
  • Nothing to report


Library level activity
  • load - library - KERNEL32.DLL
  • load - library - advapi32.dll
  • load - library - ole32.dll
  • load - library - oleaut32.dll
  • load - library - user32.dll
  • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\8c447b0c371a7131cf640bcebef99453.ENU
  • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\8c447b0c371a7131cf640bcebef99453.EN
  • load - library - kernel32.dll
  • load - library - comctl32.dll
  • load - library - OLEAUT32.DLL
  • load - library - netapi32.dll
  • load - library - gdi32.dll
  • load - library - version.dll
  • load - library - USER32.DLL
  • load - library - USER32
  • load - library - User32.dll
  • load - library - ws2_32.dll
  • load - library - uxtheme.dll
  • load - library - ADVAPI32.dll
  • load - library - mscoree.dll
  • load - library - C:\Documents and Settings\TestMachine\Start Menu\Programs\Startup\winsvc.ENU
  • load - library - C:\Documents and Settings\TestMachine\Start Menu\Programs\Startup\winsvc.EN
  • load - library - mscoree.dll


Process API calls used
  • VirtualProtectEx
  • NtOpenSection
  • NtFreeVirtualMemory
  • CreateProcessInternalW
  • ExitProcess


Registry API calls used
  • RegOpenKeyExA
  • NtOpenKey
  • NtQueryValueKey
  • RegCreateKeyExA
  • RegQueryValueExA


System API calls used
  • LdrLoadDll
  • LdrGetProcedureAddress
  • LdrGetDllHandle
  • NtDelayExecution


Filesystem API calls used
  • NtOpenFile
  • NtCreateFile
  • NtQueryInformationFile
  • NtSetInformationFile
  • NtReadFile
  • FindFirstFileExW
  • DeleteFileA

Network

UDP source >> destination
  • 192.168.30.2 >> 192.168.30.255
  • 192.168.30.254 >> 192.168.30.2


TCP source >> destination
  • 192.168.30.2 >> 192.168.30.254


Domains:
  • NA

DNS Request:
  • NA

HTTP Request:
  • NA

DLL related data
Number of DLLs imported = 5
  • KERNEL32.DLL
  • advapi32.dll
  • ole32.dll
  • oleaut32.dll
  • user32.dll

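The behaviour lines above are what an analyst reads to decide whether a sample needs attention: a module loaded from the user's Startup folder (anything there runs at logon), a module loaded from the Temp directory, deletion of a dropped file's Zone.Identifier stream (which removes the mark-of-the-web), Winsock being loaded, and VirtualProtectEx paired with process creation. The script below is an added example, not SonicWall's code and not part of this report: it parses the "<action> - <kind> - <target>" bullet lines and the bare "API calls used" lines in the format used on this page and applies those rules. The embedded report text is a constructed excerpt of the entries above, and the rule names, severities and `verdict` ranking are this example's own assumptions.

```python
"""Triage helper for SonicALERT-style sandbox behaviour reports.

Added example for this page; not SonicWall's code. Rule names, severities
and the sample report text are constructed for the example.
"""
import re

# Constructed excerpt mirroring the Virut.A_1197 entries on this page,
# trimmed to the lines the rules below act on.
SAMPLE_REPORT = r"""
File level activity
• delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\8c447b0c371a7131cf640bcebef99453.bin:Zone.Identifier
• delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\8c447b0c371a7131cf640bcebef99453.bin
Library level activity
• load - library - KERNEL32.DLL
• load - library - ws2_32.dll
• load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\8c447b0c371a7131cf640bcebef99453.ENU
• load - library - C:\Documents and Settings\TestMachine\Start Menu\Programs\Startup\winsvc.ENU
• load - library - mscoree.dll
Process API calls used
• VirtualProtectEx
• CreateProcessInternalW
• ExitProcess
"""

# "• <action> - <kind> - <target>" lines from the activity sections.
EVENT_RE = re.compile(
    r"^\s*•\s*(?P<action>\w+)\s+-\s+(?P<kind>\w+)\s+-\s+(?P<target>.+?)\s*$"
)
# Bare "• <ApiName>" lines from the "API calls used" sections.
API_RE = re.compile(r"^\s*•\s*(?P<api>[A-Za-z0-9_]+)\s*$")

STARTUP_DIR = re.compile(r"\\start menu\\programs\\startup\\", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


def parse_report(text):
    """Group bullet lines under the non-bullet heading that precedes them."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("•"):
            current = line
            sections.setdefault(current, [])
            continue
        if current is None:
            continue  # bullet before any heading: nothing to attach it to
        m = EVENT_RE.match(line)
        if m:
            sections[current].append(m.groupdict())
            continue
        m = API_RE.match(line)
        if m:
            sections[current].append({"api": m.group("api")})
    return sections


def triage(text):
    """Return (severity, rule_name, evidence) tuples in report order."""
    s = parse_report(text)
    findings = []
    for ev in s.get("File level activity", []):
        if "target" not in ev:
            continue
        # Deleting the Zone.Identifier ADS strips the mark-of-the-web.
        if ev["action"].lower() == "delete" and ev["target"].lower().endswith(":zone.identifier"):
            findings.append(("high", "motw_removed", ev["target"]))
    for ev in s.get("Library level activity", []):
        if "target" not in ev:
            continue
        t = ev["target"]
        if STARTUP_DIR.search(t):
            findings.append(("high", "startup_folder_module", t))  # runs at logon
        elif TEMP_DIR.search(t):
            findings.append(("medium", "temp_dir_module", t))
        elif t.lower() == "ws2_32.dll":
            findings.append(("low", "winsock_loaded", t))
    apis = {ev["api"] for ev in s.get("Process API calls used", []) if "api" in ev}
    if {"VirtualProtectEx", "CreateProcessInternalW"} <= apis:
        findings.append(("medium", "remote_memory_plus_process_creation",
                         "VirtualProtectEx + CreateProcessInternalW"))
    return findings


def verdict(findings):
    """Highest severity seen, or 'clean' when no rule fired."""
    if not findings:
        return "clean"
    return max((f[0] for f in findings), key=SEVERITY_RANK.__getitem__)


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for sev, name, evidence in result:
        print(f"[{sev:6}] {name}: {evidence}")
    print("verdict:", verdict(result))
```

The rules are deliberately narrow: loading a module from Startup or Temp is not proof of infection on its own, but combined with MOTW removal it is enough to pull the sample for manual analysis. Extend `triage` with the registry and filesystem API sections if your reports populate them.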

      Relevant Information