W32/Bagle.AI@mm
• Destructivity:
• Detected by virus detection files published: 8/9/2004
• Type: Worm
• Virus characteristics first published: 8/9/2004
• Spreading mechanism: Email
• Virus characteristics latest update: 12/3/2004
• Overall risk: Low
• Alias: Win32.Bagle.AG [Computer Associates], W32/Bagle.AJ@mm [F-secure], W32/Bagle.aq@MM [Network Associates], W32/Bagle.AM.worm [Panda], W32/Bagle-AQ [Sophos], W32.Beagle.AO@mm [Symantec], WORM_BAGLE.AC [Trend Micro]
• Payload:
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista

Norman Sandbox analysis:

[ General information ]
* Attemps to open C:\WINDOWS\SYSTEM\WINdirect.exe NULL.
* Locates window "NULL [class Shell_TrayWnd]" on desktop.
* Creating several executable files on hard-drive.
* File length: 14848 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\WINdirect.exe.
* Creates file C:\WINDOWS\SYSTEM\_dll.exe.

[ Changes to registry ]
* Creates value "win_upd2.exe"="C:\WINDOWS\SYSTEM\WINdirect.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "win_upd2.exe"="C:\WINDOWS\SYSTEM\WINdirect.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

[ Process/window information ]
* Modifies other process memory.
* Creates a remote thread.