Netsky.Z@m is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Netsky.Z@m is compressed using the Embedded_I#7a00 executable packer and its file size is 55,808 bytes. Netsky.Z@m drops the following files on the hard drive: - C:\WINDOWS\system32\vcmgcd32.dl_ (17878 bytes)
- C:\WINDOWS\system32\vcmgcd32.dll (36864 bytes)
- C:\WINDOWS\Jammer2nd.exe (55808 bytes)
- C:\WINDOWS\pk_zip_alg.log (56202 bytes)
It also changes Windows registry: - Creates value "Jammer2nd"="C:\WINDOWS\Jammer2nd.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
Netsky.Z@m makes the following additional changes to the infected computer: - Creates WindowsHook monitoring keyboard activity.
- Modifies profile key "DEVICE"="55377967ndswd44465" in section [MCIDRV_VER] of file SYSTEM.INI.
It creates the following mutex to ensure only one instance is running: _kuku_joker_v3.09_. KUKU300a. KUKU301a. (S)(k)(y)(N)(e)(t). It also contains anti-debugging code, is executed every time Windows starts.
|