W32/Mato-L

Category: Viruses and Spyware Protection available since:11 Jul 2013 17:40:40 (GMT)
Type: Win32 worm Last Updated:11 Jul 2013 17:40:40 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of W32/Mato-L include:

Example 1

File Information

File type
Windows executable

Example 2

File Information

File type
Windows executable

Runtime Analysis

Dropped Files
  • F:/Passwords.exe
    Size
    385K
    SHA-1
    ebdfd92b3eaa89c568c9c087637cf4cf9566571e
    MD5
    6951d327262b8cd5634c703ed0d84ef6
    CRC-32
    f7dc0b7f
    File type
    application/x-ms-dos-executable
    First seen
    2013-07-11
  • F:/mzzuj.exe
    Size
    385K
    SHA-1
    79aadf1dcabb9ae7e12b38b75856e098e727f2dc
    MD5
    1c8f603f9ba07ad2228a17bf2816caa0
    CRC-32
    e38bb3f4
    File type
    application/x-ms-dos-executable
    First seen
    2013-07-11
  • F:/Secret.exe
    Size
    385K
    SHA-1
    79aadf1dcabb9ae7e12b38b75856e098e727f2dc
    MD5
    1c8f603f9ba07ad2228a17bf2816caa0
    CRC-32
    e38bb3f4
    File type
    application/x-ms-dos-executable
    First seen
    2013-07-11
  • c:\Documents and Settings\test user\mzzuj.exe
    Size
    385K
    SHA-1
    c3838d9e9f584827948abb972709b6919b991249
    MD5
    fa95c4f1709bce57e270a90e8a26e469
    CRC-32
    3aa3b217
    File type
    application/x-ms-dos-executable
    First seen
    2013-07-11
  • F:/Sexy.exe
    Size
    385K
    SHA-1
    776058edd5f4c57f3f2bc4d2099a1b701ff6b179
    MD5
    d5fb496fca4b72a1a38c01431ac481d3
    CRC-32
    bb033d1b
    File type
    application/x-ms-dos-executable
    First seen
    2013-07-11
  • F:/Porn.exe
    Size
    385K
    SHA-1
    66df08b7327d8a8020bb88e5c4c91e008cbc06c5
    MD5
    f46fe984774f6ada7ee21954f21d8f57
    CRC-32
    3d0940f9
    File type
    application/x-ms-dos-executable
    First seen
    2013-07-11
Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run
    c:\Documents and Settings\test user\mzzuj.exe /z
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    mzzuj
    c:\Documents and Settings\test user\mzzuj.exe /u
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    mzzuj
    c:\Documents and Settings\test user\mzzuj.exe /b
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\mzzuj.exe

Example 3

File Information

File type
Windows executable

download Try Sophos products for free
Download now