Korgo.BV is a Virus. A Virus is a software program capable of reproducing itself spreading to other programs on the same computer or on other computers via the network. Korgo.BV is compressed using the executable packer and its file size is 13,824 bytes. Korgo.BV drops the following files on the hard drive: - C:\WINDOWS\system32\tlexi.exe (13824 bytes)
It also changes Windows registry: - Creates key "HKLM\Software\Microsoft\Wireless".
- Creates value "ID"="ogwhxnbswhhgdfbhvx" in key "HKLM\Software\Microsoft\Wireless".
- Creates value "Client"="1" in key "HKLM\Software\Microsoft\Wireless".
- Creates value "Cryptographic Service"="C:\WINDOWS\system32\tlexi.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: gaelicum. uterm20. u8. u9. u10. u11. u12. u13. u13i. u14. u15. u16. u17. u18. u19. u20. It also has possible backdoor functionality [unknown] port 4088, attempts to acquire the "SeDebugPrivilege" privileges, is executed every time Windows starts.
|
