PTCH_ZACCESS.SLZ

 Analysis by: Rhena Inocencio

 ALIASES:

Virus:Win32/Sirefef.R (Microsoft), Trojan.Zeroaccess!inf (Symantec), ZeroAccess.ds.gen.c (McAfee), Virus.Win32.ZAccess.m (Kaspersky)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet, Dropped by other malware

This is the Trend Micro detection for files patched with malicious code by the ZEROACCESS malware family. The patched file is then used as an autostart component for the malware. Once the normal file is loaded, it executes a copy of the main malware.

  TECHNICAL DETAILS

File Size:

279,552 bytes

File Type:

EXE

Initial Samples Received Date:

01 Aug 2012

NOTES:

This is the Trend Micro detection for files patched with malicious code by the ZACCESS malware family. The patched file is then used as an autostart component for the malware. Once the normal file is loaded, it executes a copy of the main malware.

The original copy of the patched file is saved in the folder %System%\Winsxs\Backup.