Small.T is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Small.T is compressed using the executable packer and its file size is 51,539 bytes. It uses the network connection: - Connects to "ana.mtmyza.net" on port 1863 (TCP).
- Sends data stream (16 bytes) to remote address "ana.mtmyza.net", port 1863.
- Connects to IRC Server.
Small.T drops the following files on the hard drive: - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (62 bytes)
- C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (51539 bytes)
It creates the following mutex to ensure only one instance is running: asd-6 094997_. It also attempts to acquire the "SeDebugPrivilege" privileges, monitors the list of running processes.
|
