
W32.Unruy.B


First posted on 20 December 2014.
Source: Symantec

Aliases :

There are no other names known for W32.Unruy.B.

Explanation :

When the virus is executed, it connects to the following remote location to download a configuration file:

xinjie1.3322.org
Next, the virus monitors running processes to identify potential executable files to infect.

The virus then renames legitimate executables to remove their file extensions, sets their attributes to hidden, and creates a copy of itself in the file path of the original file. The copied file uses the same file icon as the hidden, legitimate file.
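The swap described above leaves a recognisable trace on disk: a file with no extension that still starts with the PE "MZ" header, sitting beside a same-named .exe at the path the original occupied. The following script is an added hunting example, not code from the original page or from Symantec; it walks a directory tree for that pattern, reports the hidden attribute where the platform exposes it, and builds a constructed fixture (fake MZ stubs, no real malware) so it runs offline. The directory and file names in the fixture are assumptions made for the demo.

```python
"""Hunt for the extension-stripped executable swap described above.

Pattern: legitimate <name>.exe is renamed to <name> (no extension) and hidden,
and a copy of the virus is written to the original <name>.exe path. An
infected host therefore shows pairs: an extensionless PE file next to a
same-basename .exe in the same directory.
"""
import os
import stat
import tempfile

MZ = b"MZ"  # DOS header magic every Windows PE file starts with


def _is_pe(path):
    """True if the file starts with the 'MZ' DOS header."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == MZ
    except OSError:
        return False


def _is_hidden(path):
    """Windows hidden attribute; always False on platforms without it."""
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_swapped_executables(root):
    """Return sorted (original_without_ext, replacement_exe, hidden) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            base, ext = os.path.splitext(name)
            if ext:
                continue  # only extensionless files are candidate originals
            sibling = base + ".exe"
            if sibling not in names:
                continue  # no replacement at the original path
            orig = os.path.join(dirpath, name)
            if not _is_pe(orig):
                continue  # a README or similar, not a renamed executable
            hits.append((orig, os.path.join(dirpath, sibling), _is_hidden(orig)))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed fixture (assumed names, fake PE stubs): one swapped pair plus decoys."""
    pe_stub = MZ + b"\x90" * 62  # minimal fake DOS header for the demo
    app = os.path.join(root, "Program Files", "App")
    os.makedirs(app)
    # legitimate binary renamed to drop its extension
    with open(os.path.join(app, "app"), "wb") as f:
        f.write(pe_stub + b"legit")
    # virus copy placed at the original path
    with open(os.path.join(app, "app.exe"), "wb") as f:
        f.write(pe_stub + b"copy")
    # decoys: an extensionless text file beside readme.exe, and an exe with no sibling
    with open(os.path.join(app, "readme"), "wb") as f:
        f.write(b"plain text")
    with open(os.path.join(app, "readme.exe"), "wb") as f:
        f.write(pe_stub)
    with open(os.path.join(app, "tool.exe"), "wb") as f:
        f.write(pe_stub)
    return root


def demo():
    """Build the fixture in a temp dir and return (original, replacement) basenames."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        return [(os.path.basename(o), os.path.basename(r))
                for o, r, _hidden in find_swapped_executables(d)]


if __name__ == "__main__":
    for orig, repl in demo():
        print(f"swapped pair: {orig} (renamed original) <- {repl} (replacement)")
```

On a live Windows host, point find_swapped_executables at the drives or program directories of interest; the hidden flag in each hit is the second signal the description gives, and a hit where the extensionless original is not hidden is still worth a look, since the MZ-beside-.exe pairing alone is unusual in normal software layouts.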

The virus may also perform the following actions:

- Open a back door
- Download and execute additional files
- Update its list of command-and-control servers
- Schedule tasks
- Delete files

Last update 20 December 2014
