Malas.A is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Malas.A is compressed using the EMBEDDED executable packer and its file size is 163,840 bytes. Malas.A drops the following files on the hard drive: - C:\WINDOWS\SYSTEM32\REGSCAN.EXE (24576 bytes)
- C:\WINDOWS\SYSTEM32\stray.exe (24576 bytes)
It also changes Windows registry: - Creates value "REGSCAN"="REGSCAN.EXE" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It also has possible backdoor functionality [someserv] port 128, is executed every time Windows starts.
|
