W32/Gamarue-BJ

Category: Viruses and Spyware
Protection available since: 15 Mar 2016 18:40:32 (GMT)
Type: Win32 worm
Last Updated: 15 Mar 2016 18:40:32 (GMT)
Prevalence: Small Number of Reports


W32/Gamarue-BJ is a worm that enables remote access to affected systems.

W32/Gamarue-BJ is normally deployed via exploit-kit-infected websites.

When first run, W32/Gamarue-BJ connects to a C2 site to download updates and further instructions.

W32/Gamarue-BJ spreads via removable drives, and enables autorun in the registry for persistent remote access.

W32/Gamarue-BJ is designed to make it easy to remotely access sensitive information on the infected computer.

Examples of W32/Gamarue-BJ include:

Example 1

File Information

Size: 4.0K
SHA-1: 00001140c1fc1b2f28ca59dfd913bb854a1c2489
MD5: c72299639301c48385b75980155aae5d
CRC-32: 06bb639f
File type: Windows executable
First seen: 2015-12-23

Example 2

File Information

Size: 4.5K
SHA-1: 0013170e63a574b30052b32a9412e1ec9cc6f9e4
MD5: acfb67de7ae0d8c86cbbb15bcb718ef4
CRC-32: e7c15981
File type: Windows executable
First seen: 2015-11-09

Example 3

File Information

Size: 4.0K
SHA-1: 00161755c2825cbdda54773c4db95e73c4596332
MD5: 81cc1747dfe0d4cc5aa750f4a9f49f4e
CRC-32: 6ecc9546
File type: Windows executable
First seen: 2015-10-12