Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

Worm.Win32.RJump

Home Threats Worm Worm.Win32.RJump
Detect Date 05/17/2007
Class Worm
Platform Win32
Description

This Trojan has a malicious payload. It is a Windows PE EXE file. It is 945664 bytes in size. It is not packed in any way. It is written in Delphi.

Installation

When launched, the Trojan copies itself as shown below:

%Documents and Settings%%user%Start MenuProgramsStartupRavMonE.exe

%Documents and Settings%%user%Start MenuProgramsStartupavp.exe

%System%RavMon.exe

The Trojan creates the following registry key with installation data:

[HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerrm]

It also creates the following system registry key values:

[HKCRSoftwareMicrosoftInternet Account]

 “Expire Days” = “dword:8”

[HKCRControl PanelDesktop]

 “AutoEndTasks” = “1”

In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry:

[HKLMSoftwareMicrosoftWindowsCurrentVersionRun]

 “RavAV” = “%Documents and Settings%%user%Start MenuProgramsStartupRavMonE.exe”

 “RavMon” = “%System%RavMon.exe”
Find out the statistics of the threats spreading in your region
© 2022 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up