VBS/Netlog.A

description-logoAnalysis

  • Virus is coded in VBScript and is 2429 bytes
  • Virus loads at Windows startup
  • Virus scans a range of IP addresses and attempts to map the host to the target IP address as drive J:, then attempts to copy itself to available drives in the following folders -

    windows\
    windows\startm~1\programs\startup\
    windows\start menu\programs\startup\
    win95\startm~1\programs\startup\
    win95\start menu\programs\startup\
    wind95\

  • Virus writes a log file as "c:\network.log"

Telemetry logoTelemetry