PE_GEMI.A


 ALIASES:

W32.Chiton.gen(Symantec), W32/Chiton-E(Sophos), Virus.Win32.Chiton.b(Kaspersky), W32/Chiton.BD(Avira), W32/Chiton.2065(F-Prot), W32/Chiton.e(McAfee)

 PLATFORM:

Windows 2000, XP, Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:

  • Threat Type: File infector

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This file infector infects by appending its code to target host files.

  TECHNICAL DETAILS

File Size:

2,065 bytes

File Type:

PE

Memory Resident:

Yes

Initial Samples Received Date:

20 Mar 2002

Installation

This file infector drops the following files:

  • %Windows%\gemini.exe - detected as PE_GEMI.A

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

File Infection

This file infector infects the following file types:

  • EXE
  • DLL

It infects by appending its code to target host files.