Kaspersky Threats

Class

Platform

Description

Technical Details

This is a Win32 PE EXE worm that spreads in e-mail messages using a system’s default MAPI client. When started, it copies itself to %WINDOWS%Win32Dlw.EXE and %SYSTEM%Win32Exp.EXE, then writes the following key to the registry to start automaically with Windows:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrent VersionRun RunExplorer=%SYSTEM%Win32Exp.EXE

If the current month is Semptember, the worm draws the following message on the screen:
Kad sve izgleda da umire,…ono se ustvari radja!

Then, the worm shows a message box with a ‘…’ title and the following text:

Moja jutra su sve jasnija,
Moja snaga je prodornija,
Moje rijeci silno odjekuj
Moj mac je ostriji,
Moje noci su sve hladnije.
…ali dan je blizi kad ce
ljudi shvatiti da su samo,
i nista drugo nego ono sto
sam i JA!

After displaying a message, the worm does nothing for 2 minutes, and then sends itself to all senders of e-mail messages stored in the default MAPI client inbox.

All messages sent by the worm have the following properties:

Message subject is: Bin Ladenov zivot.
File attached: Bin Ladenov Zivot.exe
Message body:

Ako jos do sada niste znali ko je Bin Laden onda
vjerovatno cete naci ovaj dokument interesantnim
u kojem je prikazano nekoliko vaznih momenata u,
u njegovom zivotu, cak dok je jos radio pri CIA!

Find out the statistics of the threats spreading in your region

Class	Email-Worm
Platform	Win32
Description	Technical Details This is a Win32 PE EXE worm that spreads in e-mail messages using a system’s default MAPI client. When started, it copies itself to %WINDOWS%Win32Dlw.EXE and %SYSTEM%Win32Exp.EXE, then writes the following key to the registry to start automaically with Windows: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrent VersionRun RunExplorer=%SYSTEM%Win32Exp.EXE If the current month is Semptember, the worm draws the following message on the screen: Kad sve izgleda da umire,…ono se ustvari radja! Then, the worm shows a message box with a ‘…’ title and the following text: Moja jutra su sve jasnija, Moja snaga je prodornija, Moje rijeci silno odjekuj Moj mac je ostriji, Moje noci su sve hladnije. …ali dan je blizi kad ce ljudi shvatiti da su samo, i nista drugo nego ono sto sam i JA! After displaying a message, the worm does nothing for 2 minutes, and then sends itself to all senders of e-mail messages stored in the default MAPI client inbox. All messages sent by the worm have the following properties: Message subject is: Bin Ladenov zivot. File attached: Bin Ladenov Zivot.exe Message body: Ako jos do sada niste znali ko je Bin Laden onda vjerovatno cete naci ovaj dokument interesantnim u kojem je prikazano nekoliko vaznih momenata u, u njegovom zivotu, cak dok je jos radio pri CIA!
	Find out the statistics of the threats spreading in your region

Email-Worm.Win32.Kadra

Technical Details