SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Inject.GH
Inject.GH is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Inject.GH is compressed using the executable packer and its file size is 20,992 bytes. Inject.GH drops the following files on the hard drive:
  • C:\WINDOWS\System32\drivers\secdrv.sys (7680 bytes)
  • C:\WINDOWS\System32\drivers\runtime.sys (5632 bytes)
It also changes Windows registry:
  • Creates key "HKLM\System\CurrentControlSet\Services\BITS\runtime".
  • Creates value "ImagePath"="\\C:\WINDOWS\System32\drivers\runtime.sys" in key "HKLM\System\CurrentControlSet\Services\BITS\runtime".
  • Creates value "Type"="\x01" in key "HKLM\System\CurrentControlSet\Services\BITS\runtime".
  • Creates value "Start"="\x03" in key "HKLM\System\CurrentControlSet\Services\BITS\runtime".


Relevant Information