
Win32.Worm.RJump.B


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Win32.Worm.RJump.B.

Explanation :

The worm is written in Python and converted to a Windows executable.
When executed, it copies itself to
%WINDIR%\RavMonE.exe
and creates the registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RavAV = "%WINDIR%\RavMonE.exe"
in order to be executed at startup.

The worm copies itself to USB drives together with an autorun script, detected by BitDefender as Trojan.Autorun.EU.

The worm also has backdoor capabilities: when executed, it starts listening on a random port and posts the local IP address and port number to the following URLs:
http://natrocket.????.net:5288/return
http://natrocket.????.net:5288/iesocks
http://natrocket.????.org:5288/iesocks
http://scipaper.????.net:80/iesocks
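
The following is an added example, not part of the BitDefender write-up: a Python sketch that scans web proxy logs for requests matching the URL patterns above and lists the internal clients that made them. The log format, the function names and the `example` label standing in for the elided `????` are assumptions.

```python
from urllib.parse import urlsplit

# Indicators from the write-up as (first label, TLD, port, path). The middle
# domain label is elided ("????") on the page; it is assumed to be a single
# label and is treated as a wildcard.
BEACONS = {
    ("natrocket", "net", 5288, "/return"),
    ("natrocket", "net", 5288, "/iesocks"),
    ("natrocket", "org", 5288, "/iesocks"),
    ("scipaper", "net", 80, "/iesocks"),
}

# Constructed proxy log: timestamp, client IP, method, URL, status.
# "example" stands in for the elided label; it is not a real indicator.
SAMPLE_LOG = """\
2011-11-21T10:02:11Z 10.0.0.23 POST http://natrocket.example.net:5288/return 200
2011-11-21T10:02:12Z 10.0.0.23 POST http://natrocket.example.org:5288/iesocks 200
2011-11-21T10:03:40Z 10.0.0.41 GET http://www.example.com/iesocks 200
2011-11-21T10:04:05Z 10.0.0.57 POST http://scipaper.example.net/iesocks 200
2011-11-21T10:05:00Z 10.0.0.41 GET http://natrocket.example.net/return 200
""".splitlines()

def match_beacon(url):
    """Return the matching indicator tuple, or None."""
    try:
        parts = urlsplit(url)
        port = parts.port if parts.port is not None else 80
    except ValueError:  # malformed host or out-of-range port
        return None
    if parts.scheme != "http" or not parts.hostname:
        return None
    labels = parts.hostname.rstrip(".").split(".")
    if len(labels) != 3:
        return None
    key = (labels[0], labels[2], port, parts.path)
    return key if key in BEACONS else None

def infected_clients(log_lines):
    """Map each client IP to the beacon URLs it requested."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 4 and match_beacon(fields[3]):
            hits.setdefault(fields[1], []).append(fields[3])
    return hits

if __name__ == "__main__":
    for client, urls in infected_clients(SAMPLE_LOG).items():
        print(client, len(urls), "beacon request(s)")
```

Because the middle label is a wildcard, a hit is a lead for host triage (the Run entry and %WINDIR%\RavMonE.exe described above), not a confirmed infection.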

Last update 21 November 2011

 
