Stration_110 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Stration_110 has a file size of 304,425 bytes. It uses the network connection: - Looks for an Internet connection.
- Opens URL: http://www4.vedasetionkderun.com/chr/819/lt.exe.
- Connects to "www4.vedasetionkderun.com" on port 80 (TCP).
- Opens URL: www4.vedasetionkderun.com/chr/819/lt.exe.
- Connects to "yahoo.no" on port 25 (IP).
- Connects SMTP server.
Stration_110 drops the following files on the hard drive: - C:\WINDOWS\serrv.exe (304425 bytes)
- C:\WINDOWS\SYSTEM32\e1.dll (9216 bytes)
It also changes Windows registry: - Creates value "serrv"="C:\WINDOWS\serrv.exe s" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It also is executed every time Windows starts, attempts to acquire the "SeDebugPrivilege" privileges, monitors the list of running processes.
|
