Mal/Morto-A

Category: Viruses and Spyware
Protection available since: 30 Aug 2011 10:05:52 (GMT)
Type: Malicious behavior
Last Updated: 30 Aug 2011 10:05:52 (GMT)
Prevalence: Small Number of Reports

Mal/Morto-A is a family of network worms.

Mal/Morto-A drops a file to one or more of the following locations, also detected as Mal/Morto-A:

<Windows>\clb.dll
<Windows>\Offline Web Pages\cache.txt

Mal/Morto-A attempts to spread to network shares using port 3389 (RDP).

Mal/Morto-A tries to read and write to files in the remote folder \\tsclient\a\.

Mal/Morto-A typically creates registry entries at the following location:

HKLM\SYSTEM\Wpa

Mal/Morto-A may attempt to delete the following registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Components of Mal/Morto-A have been detected as Troj/SvcLoad-A, Troj/SvcLoad-B and Troj/Agent-TEE.

Examples of Mal/Morto-A include:

Example 1

File Information

Size: 7.1K
SHA-1: 029f770aa8dfa81831b759d39dc6822db936c245
MD5: 4f3ae68fe5861d0060d2a0a964431a36
CRC-32: b9c098c1
File type: application/x-ms-dos-executable
First seen: 2011-08-26

Example 2

File Information

Size: 29K
SHA-1: 0350faa85c50ff5628772c0beafd8f97e2c5a5bf
MD5: c181d33d27b2a3db4de06ac93eb0ee53
CRC-32: d9ba6e47
File type: application/x-ms-dos-executable
First seen: 2011-08-09

Example 3

File Information

Size: 49K
SHA-1: 0bbb014657bf4459faa2e6faf11d0559b196187c
MD5: 2eef4d8b88161baf2525abfb6c1bac2b
CRC-32: 38761d76
File type: application/x-ms-dos-executable
First seen: 2011-08-10

Runtime Analysis

Dropped Files
  • C:\WINDOWS\clb.dll
    Size: 6.6K
    SHA-1: 81f3226b75fa062813ec7f365657c0e9b968b5d8
    MD5: cbe629f6fa903b60672bf400e1859bf0
    CRC-32: f9c30115
    File type: application/x-ms-dos-executable
    First seen: 2011-08-30
Registry Keys Created
  • HKLM\SYSTEM\WPA
    ie
    c:\test_item.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    a
    regedit.exe\1
Processes Created
  • c:\windows\regedit.exe