SymbOS/Cabir.F!tr

Aliases: Trojan.SymbOS.Skuller.q, Symb/Cabir-F, SymbOS.Skulls.C
Release Date: Aug 23, 2006
Detection Availability (Active Database / Extended Database)
FortiGate: low / high
FortiClient:
FortiMail: N/A
Current Antivirus Definition Database Version: 12.323
Description

Visible Symptoms

Many applications no longer work after infection by this virus.

Detailed Analysis

SymbOS/Cabir.F!tr - 06-08-23


General Info:

This threat has a file size of 235679.

More Info:

1. It is a Symbian virus, packed in .sis format.

2. It drops the following files to disable the relevant applications on the phone:

	C:\System\Apps\About\About.aif 
	C:\System\Apps\About\About.app 
	C:\System\Apps\Anti-Virus\Anti-Virus.aif 
	C:\System\Apps\Anti-Virus\Anti-Virus.app 
	C:\System\Apps\Anti-Virus\Anti-Virus.rsc 
	C:\System\Apps\Anti-Virus\backup\AVBioIcons.mbm 
	C:\System\Apps\Anti-Virus\backup\FSBioMessage.bif 
	C:\System\Apps\Anti-Virus\backup\FSBioMessageParser.dll 
	C:\System\Apps\Anti-Virus\FSAV.dll 
	C:\System\Apps\Anti-Virus\FSAVDT.exe 
	C:\System\Apps\Anti-Virus\FSAVEPOC.DAT 
	C:\System\Apps\Anti-Virus\FsAVUpdater.aif 
	C:\System\Apps\Anti-Virus\FsAVUpdater.app 
	C:\System\Apps\Anti-Virus\FsAVUpdater.rsc 
	C:\System\Apps\Anti-Virus\FSSched.aif 
	C:\System\Apps\Anti-Virus\FSSched.app 
	C:\System\Apps\Anti-Virus\FSSched.rsc 
	C:\System\Apps\Anti-Virus\FSSMSManager.dll 
	C:\System\Apps\Anti-Virus\FSUpdateManager.dll 
	C:\System\Apps\Anti-Virus\Hydra1.DLL 
	C:\System\Apps\AppInst\AppInst.aif 
	C:\System\Apps\AppInst\Appinst.app 
	C:\System\Apps\AppMngr\AppMngr.aif 
	C:\System\Apps\AppMngr\Appmngr.app 
	C:\System\Apps\Autolock\Autolock.aif 
	C:\System\Apps\Autolock\Autolock.app 
	C:\System\Apps\Browser\Browser.aif 
	C:\System\Apps\Browser\Browser.app 
	C:\System\Apps\BtUi\BtUi.aif 
	C:\System\Apps\BtUi\BtUi.app 
	C:\System\Apps\bva\bva.aif 
	C:\System\Apps\bva\bva.app 
	C:\System\Apps\Calcsoft\Calcsoft.aif 
	C:\System\Apps\Calcsoft\Calcsoft.app 
	C:\System\Apps\Calendar\Calendar.aif 
	C:\System\Apps\Calendar\Calendar.app 
	C:\System\Apps\Camcorder\Camcorder.aif 
	C:\System\Apps\Camcorder\Camcorder.app 
	C:\System\Apps\CbsUiApp\CbsUiApp.aif 
	C:\System\Apps\CbsUiApp\CbsUiApp.app 
	C:\System\Apps\CERTSAVER\CERTSAVER.aif 
	C:\System\Apps\CERTSAVER\CERTSAVER.APP 
	C:\System\Apps\Chat\Chat.aif 
	C:\System\Apps\Chat\Chat.app 
	C:\System\Apps\ClockApp\ClockApp.aif 
	C:\System\Apps\ClockApp\ClockApp.app 
	C:\System\Apps\CodViewer\CodViewer.aif 
	C:\System\Apps\CodViewer\CodViewer.app 
	C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.aif 
	C:\System\Apps\ConnectionMonitorUi\ConnectionMonitorUi.app 
	C:\System\Apps\Converter\Converter.aif 
	C:\System\Apps\Converter\converter.app 
	C:\System\Apps\cshelp\cshelp.aif 
	C:\System\Apps\cshelp\cshelp.app 
	C:\System\Apps\DdViewer\DdViewer.aif 
	C:\System\Apps\DdViewer\DdViewer.app 
	C:\System\Apps\Dictionary\Dictionary.aif 
	C:\System\Apps\Dictionary\dictionary.app 
	C:\System\Apps\efileman\efileman.aif 
	C:\System\Apps\efileman\efileman.app 
	C:\System\Apps\FExplorer\FExplorer.aif 
	C:\System\Apps\FExplorer\FExplorer.app 
	C:\System\Apps\FileManager\FileManager.aif 
	C:\System\Apps\FileManager\FileManager.app 
	C:\System\Apps\FileView\FileView.aif 
	C:\System\Apps\FileView\FileView.app 
	C:\System\Apps\GS\GS.aif 
	C:\System\Apps\GS\gs.app 
	C:\System\Apps\ImageViewer\ImageViewer.aif 
	C:\System\Apps\ImageViewer\ImageViewer.app 
	C:\System\Apps\location\location.aif 
	C:\System\Apps\location\location.app 
	C:\System\Apps\Logs\Logs.aif 
	C:\System\Apps\Logs\Logs.app 
	C:\System\Apps\mce\mce.aif 
	C:\System\Apps\mce\mce.app 
	C:\System\Apps\MediaGallery\MediaGallery.aif 
	C:\System\Apps\MediaGallery\MediaGallery.app 
	C:\System\Apps\MediaPlayer\MediaPlayer.aif 
	C:\System\Apps\MediaPlayer\MediaPlayer.app 
	C:\System\Apps\MediaSettings\MediaSettings.aif 
	C:\System\Apps\MediaSettings\MediaSettings.app 
	C:\System\Apps\Menu\Menu.aif 
	C:\System\Apps\Menu\Menu.app 
	C:\System\Apps\mmcapp\mmcapp.aif 
	C:\System\Apps\mmcapp\mmcapp.app 
	C:\System\Apps\MMM\MMM.aif 
	C:\System\Apps\MMM\MMM.app 
	C:\System\Apps\MmsEditor\MmsEditor.aif 
	C:\System\Apps\MmsEditor\MmsEditor.app 
	C:\System\Apps\MmsViewer\MmsViewer.aif 
	C:\System\Apps\MmsViewer\MmsViewer.app 
	C:\System\Apps\MsgMailEditor\MsgMailEditor.aif 
	C:\System\Apps\MsgMailEditor\MsgMailEditor.app 
	C:\System\Apps\MsgMailViewer\MsgMailViewer.aif 
	C:\System\Apps\MsgMailViewer\MsgMailViewer.app 
	C:\System\Apps\MusicPlayer\MusicPlayer.aif 
	C:\System\Apps\MusicPlayer\MusicPlayer.app 
	C:\System\Apps\Notepad\Notepad.aif 
	C:\System\Apps\Notepad\Notepad.app 
	C:\System\Apps\NpdViewer\NpdViewer.aif 
	C:\System\Apps\NpdViewer\NpdViewer.app 
	C:\System\Apps\NSmlDMSync\NSmlDMSync.aif 
	C:\System\Apps\NSmlDMSync\NSmlDMSync.app 
	C:\System\Apps\NSmlDSSync\NSmlDSSync.aif 
	C:\System\Apps\NSmlDSSync\NSmlDSSync.app 
	C:\System\Apps\Phone\Phone.aif 
	C:\System\Apps\Phone\Phone.app 
	C:\System\Apps\Phonebook\Phonebook.aif 
	C:\System\Apps\Phonebook\Phonebook.app 
	C:\System\Apps\Pinboard\Pinboard.aif 
	C:\System\Apps\Pinboard\Pinboard.app 
	C:\System\Apps\PRESENCE\PRESENCE.aif 
	C:\System\Apps\PRESENCE\PRESENCE.APP 
	C:\System\Apps\ProfiExplorer\ProfiExplorer.aif 
	C:\System\Apps\ProfiExplorer\ProfiExplorer.app 
	C:\System\Apps\ProfileApp\ProfileApp.aif 
	C:\System\Apps\ProfileApp\profileapp.app 
	C:\System\Apps\ProvisioningCx\ProvisioningCx.aif 
	C:\System\Apps\ProvisioningCx\ProvisioningCx.app 
	C:\System\Apps\PSLN\PSLN.aif 
	C:\System\Apps\PSLN\PSLN.app 
	C:\System\Apps\PushViewer\PushViewer.aif 
	C:\System\Apps\PushViewer\PushViewer.app 
	C:\System\Apps\Satui\Satui.aif 
	C:\System\Apps\Satui\Satui.app 
	C:\System\Apps\SchemeApp\SchemeApp.aif 
	C:\System\Apps\SchemeApp\SchemeApp.app 
	C:\System\Apps\ScreenSaver\ScreenSaver.aif 
	C:\System\Apps\ScreenSaver\ScreenSaver.app 
	C:\System\Apps\Sdn\Sdn.aif 
	C:\System\Apps\Sdn\Sdn.app 
	C:\System\Apps\SimDirectory\SimDirectory.aif 
	C:\System\Apps\SimDirectory\SimDirectory.app 
	C:\System\Apps\SmartFileMan\SmartFileMan.aif 
	C:\System\Apps\SmartFileMan\SmartFileMan.app 
	C:\System\Apps\SmsEditor\SmsEditor.aif 
	C:\System\Apps\SmsEditor\SmsEditor.app 
	C:\System\Apps\SmsViewer\SmsViewer.aif 
	C:\System\Apps\SmsViewer\SmsViewer.app 
	C:\System\Apps\Speeddial\Speeddial.aif 
	C:\System\Apps\Speeddial\Speeddial.app 
	C:\System\Apps\Startup\Startup.aif 
	C:\System\Apps\Startup\Startup.app 
	C:\System\Apps\SysAp\SysAp.aif 
	C:\System\Apps\SysAp\SysAp.app 
	C:\System\Apps\SystemExplorer\SystemExplorer.aif 
	C:\System\Apps\SystemExplorer\SystemExplorer.app 
	C:\System\Apps\ToDo\ToDo.aif 
	C:\System\Apps\ToDo\ToDo.app 
	C:\System\Apps\Ussd\Ussd.aif 
	C:\System\Apps\Ussd\Ussd.app 
	C:\System\Apps\VCommand\VCommand.aif 
	C:\System\Apps\VCommand\VCommand.app 
	C:\System\Apps\Vm\Vm.aif 
	C:\System\Apps\Vm\Vm.app 
	C:\System\Apps\Voicerecorder\Voicerecorder.aif 
	C:\System\Apps\Voicerecorder\Voicerecorder.app 
	C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.aif 
	C:\System\Apps\WALLETAVMGMT\WALLETAVMGMT.APP 
	C:\System\Apps\WALLETAVOTA\WALLETAVOTA.aif 
	C:\System\Apps\WALLETAVOTA\WALLETAVOTA.APP 

3. It drops the following files, which are variants of SymbOS/Cabir:

	C:\System\Recogs\FSRec.mdl 
	C:\System\Recogs\mod.MDL
	C:\System\Apps\Tee222\222.mdl
	C:\System\Apps\Tee222\Tee222.aif
	C:\System\Apps\Tee222\Tee222.app
	C:\System\Apps\Tee222\Tee222.rsc
	C:\System\Apps\Tee222\Tee222_CAPTION.rsC
	C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP
	C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
	C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.SIS
Reference: ID - 7735