Bagle.HT is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Bagle.HT is compressed using the executable packer and its file size is 28,288 bytes. It also changes Windows registry: - Creates key "HKLM\System\CurrentControlSet\Services\SAMPLE".
- Sets value "ImagePath"="C:\sample.sys" in key "HKLM\System\CurrentControlSet\Services\SAMPLE".
- Sets value "DisplayName"="SAMPLE" in key "HKLM\System\CurrentControlSet\Services\SAMPLE".
Bagle.HT configures following services on NT based machines: - Creates service "SAMPLE (SAMPLE)" as "C:\sample.sys".
|
