W32/Hai.A
Analysis
- Virus is 32bit, with a size of 69,635 bytes and
is PELock compressed
- Virus makes use of the NetBIOS transport protocol,
thus if this protocol is not installed, it is not
a threat for spreading within networks
- Virus seeks systems which offer a full share of their drive across NetBIOS networks where the Windows folder is writable. When this condiion exists the virus copies itself to that system under a random name and modifies the WIN.INI to load this file at next Windows startup