Virus Profile: Downloader-ARL!334999A2
| Risk Assessment | |
|---|---|
| - Home Users: | Low |
| - Corporate Users: | Low |
| Date Discovered: | 10/7/2008 |
| Date Added: | 10/7/2008 |
| Origin: | Unknown |
| Length: | 61440 |
| Type: | Trojan |
| SubType: | Downloader |
| DAT Required: | 5399 |
Virus Characteristics
| File Property | Property Value |
|---|---|
| FileName | ~exe~1.exe |
| McAfee Detection | Downloader-ARL |
| Length | 61,440 bytes |
| CRC | 334999A2 |
| MD5 | C899F0D898B95A6ED1D49DAAD3E91D1D |
| SHA1 | 68F31F069153DBC97BF075BA16F7DEDEE942709A |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:PureMorph [Cryp] |
| FortiNet | W32/PolySmall.BP!tr |
| F-Prot | W32/FakeAlert.X.gen!Eldorado |
| Kaspersky | Trojan.Win32.Obfuscated.gx |
| Symantec | Packed.Generic.182 |
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Enumerates open windows | Medium |
| Enumerates running processes | Medium |
| Program often suspends itself | Medium |
| Uses shared memory of other processes | Low |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %ALLUSERSPROFILE%\application data\ofexqxov\gdglghal.exe | Downloader-ARL |
System Changes
These are general defaults for typical path variables (although they may differ, these examples are common):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files have been added to the system:
The following registry elements have been created:
- pj8l04eudq = c:\documents and settings\all users\application data\ofexqxov\gdglghal.exe
- pj8l04eudq = 335920
The applications created the following network connection(s):
- hxxp://67.19.120.141/NL2
Indications of Infection
The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.