Sonicwall Signatures


Go to All Categories list.

Pinom.C_1 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Pinom.C_1 is compressed using the executable packer and its file size is 20,992 bytes. It uses the network connection:
  • Looks for an Internet connection.

Pinom.C_1 drops the following files on the hard drive:

  • C:\WINDOWS\SYSTEM32\penis.exe (20992 bytes)
  • C:\WINDOWS\system.ini (39 bytes)
Pinom.C_1 makes the following additional changes to the infected computer:
  • Modifies profile key "shell"="Explorer.exe penis.exe" in section [boot] of file system.ini.
It creates the following mutex to ensure only one instance is running: STFUKTHX. It also monitors the list of running processes.

Relevant Information