Agent.ANAP_2 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Agent.ANAP_2 is compressed using the UPX executable packer and its file size is 14,336 bytes. Agent.ANAP_2 drops the following files on the hard drive: - C:\sample.exe (14336 bytes)
- "C:\sample.exe" (14336 bytes)
- C:\windows\ld08.exe (14336 bytes)
- C:\43454354.bat (123 bytes)
It also changes Windows registry: - Creates value "sysLDtray"="c:\windows\ld08.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: 645445fg45308. It also is executed every time Windows starts.
|
