| Mytob.X_4 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Mytob.X_4 is compressed using the Embedded_I#157e0 executable packer and its file size is 129,024 bytes. This malware is written in Visual Basic. It uses the network connection: - Looks for an Internet connection.
- Connects to "l0v3ly4.dynu.net" on port 6668 (TCP).
- Sends data stream (46 bytes) to remote address "l0v3ly4.dynu.net", port 6668.
- Connects to IRC Server.
- IRC: Uses nickname [I]gkfmtyiigspe.
Mytob.X_4 drops the following files on the hard drive: - C:\WINDOWS\system32\taskgmr.exe (129024 bytes)
- C:\funny_pic.scr (129024 bytes)
- C:\see_this!!.scr (129024 bytes)
- C:\my_photo2005.scr (129024 bytes)
- C:\hellmsn.exe (6050 bytes)
It creates the following mutex to ensure only one instance is running: H-E-L-L-B-O-T. |
