PE_EXPIRO.AX
Windows 2000, Windows XP, Windows Server 2003
Threat Type: File infector
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
Infects files
This file infector infects by appending its code to target host files. It infects certain file types by inserting code in the said files.
TECHNICAL DETAILS
Varies
EXE
No
07 Apr 2011
Arrival Details
This malware arrives via the following means:
- may arrive in the system when infected files are executed
- may be downloaded unknowingly when visiting malicious websites
Autostart Technique
This file infector drops the following files:
- %Application Data%\{random}.dll - non-malicious
(Note: %Application Data% is the current user's Application Data folder, which is usually C:\Windows\Profiles\{user name}\Application Data on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Application Data on Windows NT, and C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows 2000, XP, and Server 2003.)
File Infection
This file infector infects by appending its code to target host files.
It infects files with the following file extensions by inserting code in the said files:
- .EXE