PE_EXPIRO.MIKI
October 09, 2012
PLATFORM:
Windows 2000, Windows XP, Windows Server 2003
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
Threat Type: File infector
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This file infector infects certain file types by inserting code in the said files.
TECHNICAL DETAILS
File Size:
Varies
File Type:
EXE
Memory Resident:
No
Initial Samples Received Date:
21 Apr 2011
Payload:
Drops files
Arrival Details
This malware arrives via the following means:
- may arrive in the system when infected files are executed
- may be downloaded unknowingly when visiting malicious websites
Autostart Technique
This file infector drops the following files:
- %Application Data%\{random}.dll - non-malicious
(Note: %Application Data% is the current user's Application Data folder, which is usually C:\Windows\Profiles\{user name}\Application Data on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Application Data on Windows NT, and C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows 2000, XP, and Server 2003.)
File Infection
This file infector infects files with the following file extensions by inserting code in the said files:
- .EXE