PE_CHIR.C

 Analysis by: Vincent Martin Hermosura

 ALIASES:

Possible_Virus (Intellitrap), Possible_Chir (Alpha_Gen), Virus:Win32/Chir.B@mm (Microsoft), W32.Chir.B@mm (Symantec), W32/Chir.b@MM (McAfee), W32/Chir-A (Sophos), Win32.chir.b (v) (Sunbelt), W32/Chir.B (Antivir), W32/Thecid.B@mm (Authentium), Win32.Runouce.B@mm (Bitdefender), Virus.Win32.Virut (Ikarus), a variant of Win32/Madang.B virus (ESET), W32/Chir.B (Panda), Virus.Win32.Runouce (Vba32)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: File infector

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

13,775,356 bytes

File Type:

EXE

Initial Samples Received Date:

20 Sep 2014

Arrival Details

This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Dropping Routine

This file infector drops the following files:

  • "%System%\runouce.exe"

(Note: %System% is the Windows system folder, which is usually C:\Windows\System32.)