![]() C:\Documents and Settings\%currently logged-in user%\Application Data\tazebamaĪnd may drop the file zPharaoh.dat into it.The virus also creates the following folder: It also makes the malware capable of propagating via removable drives. The above process is used to automatically execute zPharaoh.exe, which contains the worm's executable code. ShellExecute=zPharaoh.exe shell\open\command=zPharaoh.exe shell\explore\command=zPharaoh.exe open=zPharaoh.exe.The autorun.inf file contains the following code: ![]() On execution, the worm drops the following files into the system root drives: The technical details below refer to the Worm:W32/Mabezat.B variant, which is the most prevalent variant in the wild.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |