SymbOS/Skulls.E

Alias/es: Trojan.SymbOS.Skuller.d, SymbOS/Skulls.e trojan, Troj/Skulls-E
Release Date: Jun 30, 2005
Detection Availability
Active Database / Extended Database
FortiGate: low / high
FortiClient
FortiMail: N/A
Current Antivirus Definition Database Version: 12.323
Description

Visible Symptoms

  • Many applications no longer work after infection by this virus.
  • The icons of some applications shown in the menu are replaced with a picture of a skull.

Detailed Analysis

  • It is a Symbian virus, packed in .sis format.

  • Displays the following message prompting the user to install:
    • Install Mariya?
  • Drops the following non-functioning files to disable the relevant applications in the phone:
    • C:\System\Apps\Appctrl\Appctrl.aif
    • C:\System\Apps\Appctrl\Appctrl.app
    • C:\System\Apps\BtUi\BtUi.aif
    • C:\System\Apps\BtUi\BtUi.app
    • C:\System\Apps\efileman\efileman.aif
    • C:\System\Apps\efileman\efileman.app
    • C:\System\Apps\FExplorer\FExplorer.aif
    • C:\System\Apps\FExplorer\FExplorer.app
    • C:\System\Apps\File\File.aif
    • C:\System\Apps\File\File.app
    • C:\System\Apps\FileManager\FileManager.aif
    • C:\System\Apps\FileManager\FileManager.app
    • C:\System\Apps\FileView\FileView.aif
    • C:\System\Apps\FileView\FileView.app
    • C:\System\Apps\MediaGallery\MediaGallery.aif
    • C:\System\Apps\MediaGallery\MediaGallery.app
    • C:\System\Apps\mmcapp\mmcapp.aif
    • C:\System\Apps\mmcapp\mmcapp.app
    • C:\System\Apps\Phone\Phone.aif
    • C:\System\Apps\Phone\Phone.app
    • C:\System\Apps\Phonebook\Phonebook.aif
    • C:\System\Apps\Phonebook\Phonebook.app
    • C:\System\Apps\ProfileApp\ProfileApp.aif
    • C:\System\Apps\ProfileApp\profileapp.app
    • C:\System\Apps\SmartFileMan\SmartFileMan.aif
    • C:\System\Apps\SmartFileMan\SmartFileMan.app
    • C:\System\Apps\Startup\Startup.aif
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.aif
    • C:\System\Apps\SystemExplorer\SystemExplorer.app
    • C:\System\Apps\ThNdRbRd\ThNdRbRd.aif
    • C:\System\Apps\ThNdRbRd\ThNdRbRd.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.aif
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
  • Drops the following files:
    • C:\System\Apps\Mariya\Mariya.APP (Fortinet detects it as SymbOS/Cabir.A!worm)
    • C:\System\Apps\Mariya\Mariya.RSC
    • C:\System\Apps\Mariya\Naw.MDL (Fortinet detects it as SymbOS/Cabir_ezboot.V)
    • C:\System\data\Backgroundimage.mbm
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.SIS (Fortinet detects it as SymbOS/Cabir.D!worm)
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.APP (Fortinet detects it as SymbOS/Cabir.A!worm)
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.RSC
    • C:\System\Recogs\Naw.MDL
  • Attempts to send the virus file Mariya.SIS to other mobile phones via Bluetooth.

Description Last Updated Date: Jan 11, 2007
Reference: ID - 63907