Sonicwall Signatures


Go to All Categories list.

Raleka.H is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Raleka.H is compressed using the UPX executable packer and its file size is 14,368 bytes. It uses the network connection:
  • Downloads file from as svchost32.exe.
  • Connects to "" on port 80 (TCP).
  • Opens URL:
  • Downloads file from as ntrootkit.exe.
  • Opens URL:
  • Downloads file from as ntrootkit.reg.
  • Opens URL:

Raleka.H drops the following files on the hard drive:

  • C:\WINDOWS\svchost32.exe (4096 bytes)
  • C:\WINDOWS\ntrootkit.exe (4096 bytes)
  • C:\WINDOWS\ntrootkit.reg (4096 bytes)
It also is starting downloaded file - potential security problem.

Relevant Information