Virus

W32/Diamin.BZ!tr

Analysis

W32/Diamin.BZ!tr - 06-08-02


General Info:

This threat is a "PE" executable file, with file size 22008

Network/Internet:

  • Connects to Server: HTTP

Files:

  • Copies itself to: undefinedSystemDirectoryundefined
  • Drop files: ".exe"

Installation to System:

  • When run, it copies itself to:
    undefinedWINDOWSundefined\NETVISION.exe
  • And creates these registry entries:
    HKLM\Microsoft\Windows\CurrentVersion\Run "FASTTRACKNETVISION" = "undefinedWINDOWSundefined\NETVISION.exe -A"

More Info:

The NETVISON process which is a copy of the virus will dial to the ip 212.39.31.12,212.39.26.68 and 67.15.56.69 through the modem.
It will create a service named Telephony,then set the service status Running.