W32/Palev-Gen

Category: Viruses and Spyware
Protection available since: 17 Nov 2009 10:18:28 (GMT)
Type: Win32 worm
Last Updated: 04 Mar 2011 13:50:08 (GMT)
Prevalence: Small Number of Reports

Summary

W32/Palev-Gen is a worm for the Windows platform.

Detailed analysis

Example behaviors of W32/Palev-Gen follow:

Example 1

File Information

Size: 78K
SHA-1: 9e0428561fdf6ace0e042d46758adf829c6f8d5d
MD5: 9104e95b93a57a2ddbdc34eddc3fe19d
CRC-32: 672664b4
File type: application/x-ms-dos-executable
First seen: 2010-06-25

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Application Data\mrpky.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    C:\Documents and Settings\support\Application Data\mrpky.exe
DNS Requests
  • kreten.banjalucke-ljepotice.ru
  • prcolina.prichaonica.com

Example 2

File Information

Size: 78K
SHA-1: 1e56bcaa796d1d0b89755ace299cb1b60189cd9b
MD5: 3a347447a94400fe30fcab5a3e662853
CRC-32: 66070b93
File type: application/x-ms-dos-executable
First seen: 2010-09-15

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Application Data\mrpky.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    C:\Documents and Settings\support\Application Data\mrpky.exe
DNS Requests
  • kreten.banjalucke-ljepotice.ru
  • prcolina.prichaonica.com

Example 3

File Information

Size: 85K
SHA-1: 9c1a8f53e64f44e8e9cc0810b4179c4f58a79386
MD5: 48c4c7a2ad690777dce9e79e6f785cff
CRC-32: 81e85fbe
File type: application/x-ms-dos-executable
First seen: 2010-08-22

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Application Data\huuo.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    C:\Documents and Settings\support\Application Data\huuo.exe
DNS Requests
  • alotibi.xylocomod.com
  • tep.xylocomod.com