First posted on 13 July 2010.
Virus:Win32/Bamital.A is also known as W32/Patched-J (Sophos). Virus:Win32/Bamital.A is a detection for patched versions of system DLLs first modified by TrojanDropper:Win32/Bamital.G.
Virus:Win32/Bamital.A is a detection for modified versions of system DLLs first modified by TrojanDropper:Win32/Bamital.G.

Installation

TrojanDropper:Win32/Bamital.G only modifies the system DLLs listed below, located in the %System% directory and in %System%\dllcache:

user32.dll
ws2_32.dll
ws2help.dll

Note: %System% refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

DLLs detected as Virus:Win32/Bamital.A are modified in the following way:

A marker is added in the file's header to avoid re-infection.
Code is inserted at the file's entry point. This code loads another file, hlp.dat, that is also dropped in the %System% directory.

Note: hlp.dat is responsible for most of TrojanDropper:Win32/Bamital.G's payload.

For more information on Virus:Win32/Bamital.A's related components, see TrojanDropper:Win32/Bamital.G elsewhere in the encyclopedia.
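The file names and folders listed above are enough for a first-pass triage of a live system or a mounted disk image. The following is an added example, not part of the original entry or of any vendor tool: it looks for hlp.dat in the System folder and compares the three DLLs in both folders against SHA-256 values supplied by the caller. The known_good baseline, the function names and the sample tree built in demo() are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File names taken from the entry above.
TARGET_DLLS = ("user32.dll", "ws2_32.dll", "ws2help.dll")
DROPPED_FILE = "hlp.dat"

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def files_in(folder):
    # Lower-case the names: a Windows volume mounted on another OS keeps
    # whatever case was stored (USER32.DLL, DllCache, ...).
    if not folder.is_dir():
        return {}
    return {p.name.lower(): p for p in folder.iterdir() if p.is_file()}

def triage(system_dir, known_good):
    """known_good: {dll name: set of trusted SHA-256 hex digests} (caller-supplied)."""
    system_dir = Path(system_dir)
    folders = {"system": system_dir}
    for sub in system_dir.iterdir():
        if sub.is_dir() and sub.name.lower() == "dllcache":
            folders["dllcache"] = sub
    findings = []
    if DROPPED_FILE in files_in(system_dir):
        findings.append(("dropped-file", "system", DROPPED_FILE))
    for label, folder in folders.items():
        present = files_in(folder)
        for name in TARGET_DLLS:
            if name in present and sha256_of(present[name]) not in known_good.get(name, set()):
                findings.append(("hash-mismatch", label, name))
    return findings

def demo():
    # Constructed sample tree: placeholder bytes, not real DLLs.
    clean = {n: b"clean " + n.encode() for n in TARGET_DLLS}
    known_good = {n: {hashlib.sha256(b).hexdigest()} for n, b in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        system = Path(tmp) / "System32"
        cache = system / "DllCache"
        cache.mkdir(parents=True)
        for n, b in clean.items():
            (system / n).write_bytes(b)
            (cache / n.upper()).write_bytes(b)
        (system / "user32.dll").write_bytes(b"modified " + clean["user32.dll"])
        (cache / "USER32.DLL").write_bytes(b"modified " + clean["user32.dll"])
        (system / "HLP.DAT").write_bytes(b"placeholder")
        return triage(system, known_good)
```

A hash mismatch only shows that a file differs from the baseline, so the baseline has to come from trusted media for the same Windows build and patch level.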
Analysis by Amir Fouda
Last update 13 July 2010