SonicALERT

Sonicwall Signatures

 



  Raleka.H
Raleka.H is a worm. Worms spread from computer to computer, making copies of themselves over the network. They can spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Raleka.H is compressed with the UPX executable packer, and its file size is 14,368 bytes. It performs the following network activity:
  • Downloads file from http://www.arrakis.es/~900k/svchost2.exe52 as svchost32.exe.
  • Connects to "www.arrakis.es" on port 80 (TCP).
  • Opens URL: www.arrakis.es/~900k/svchost2.exe52.
  • Downloads file from http://www.arrakis.es/~900k/ntrootkit.exe as ntrootkit.exe.
  • Opens URL: www.arrakis.es/~900k/ntrootkit.exe.
  • Downloads file from http://www.arrakis.es/~900k/ntrootkit.reg as ntrootkit.reg.
  • Opens URL: www.arrakis.es/~900k/ntrootkit.reg.

Raleka.H drops the following files on the hard drive:

  • C:\WINDOWS\svchost32.exe (4096 bytes)
  • C:\WINDOWS\ntrootkit.exe (4096 bytes)
  • C:\WINDOWS\ntrootkit.reg (4096 bytes)
It also starts a downloaded file, which is a potential security problem.

