Content

W32/RAHack!0a7e35347508

Type
Virus
SubType
-
Discovery Date
08/20/2009
Length
57344
Minimum DAT
5715 (08/20/2009)
Updated DAT
5715 (08/20/2009)
Minimum Engine
5300.2777
Description Added
08/20/2009
Description Modified
08/20/2009 3:47 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

File PropertyProperty Value
FileName4b665e6bcdb2684179a2ad9204a22f8920bc3319.exe
McAfee ArtemisArtemis!0a7e35347508
McAfee DetectionW32/RAHack
Length57,344 bytes
CRC35314594
MD50A7E35347508B16F23EA68734DF75939
SHA14B665E6BCDB2684179A2AD9204A22F8920BC3319

Other Common Detection Aliases

Company NameDetection Name
avastWin32:Allaple [Wrm]
AVG (GriSoft)Worm/Allaple.D
AviraWORM/Allaple.Gen
BitDefenderWin32.Worm.Allaple.Gen
clamavWorm.Allaple-83
Dr.WebTrojan.Starman
EsetWin32/Allaple.D worm (variant)
F-ProtW32/Allaple.A.gen!Eldorado
KasperskyNet-Worm.Win32.Allaple.e
microsoftworm:win32/allaple.a
normanallaple.gen1
pandaW32/Rahack.gen.worm
risingWorm.Win32.Allaple.a
SophosW32/Allaple-F
SymantecW32.Rahack.H
Trend MicroWORM_ALLAPLE.IK
vba32OScope.Malware-Cryptor.Win32.Allaple
V-BusterWorm.Allaple.Gen (mutant)
Vet (Computer Associates)
Win32/Mallar

Avert® Labs has observed the following system activities:

ActivityRisk Level
Registers DLLsInformational

This sample can be identified by the following symptoms.

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following files were analyzed:

  • %USERPROFILE%\local settings\temp\4b665e6bcdb2684179a2ad9204a22f8920bc3319.exe

    • The following registry elements have been created:

  • HKEY_LOCAL_MACHINE\software\classes\clsid\{4f5d84e8-05c4-bb7e-db02-58e74f4565fa}\
    • (default) = nxtwrvlnhrlbskxe

    • Symptoms

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

    Removal

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants

      N/A

    All Information

    Overview -

    This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

    Characteristics

    Characteristics -

    File PropertyProperty Value
    FileName4b665e6bcdb2684179a2ad9204a22f8920bc3319.exe
    McAfee ArtemisArtemis!0a7e35347508
    McAfee DetectionW32/RAHack
    Length57,344 bytes
    CRC35314594
    MD50A7E35347508B16F23EA68734DF75939
    SHA14B665E6BCDB2684179A2AD9204A22F8920BC3319

    Other Common Detection Aliases

    Company NameDetection Name
    avastWin32:Allaple [Wrm]
    AVG (GriSoft)Worm/Allaple.D
    AviraWORM/Allaple.Gen
    BitDefenderWin32.Worm.Allaple.Gen
    clamavWorm.Allaple-83
    Dr.WebTrojan.Starman
    EsetWin32/Allaple.D worm (variant)
    F-ProtW32/Allaple.A.gen!Eldorado
    KasperskyNet-Worm.Win32.Allaple.e
    microsoftworm:win32/allaple.a
    normanallaple.gen1
    pandaW32/Rahack.gen.worm
    risingWorm.Win32.Allaple.a
    SophosW32/Allaple-F
    SymantecW32.Rahack.H
    Trend MicroWORM_ALLAPLE.IK
    vba32OScope.Malware-Cryptor.Win32.Allaple
    V-BusterWorm.Allaple.Gen (mutant)
    Vet (Computer Associates)
    		Win32/Mallar

    Avert® Labs has observed the following system activities:

    ActivityRisk Level
    Registers DLLsInformational

    This sample can be identified by the following symptoms.

    System Changes

    These are general defaults for typical path variables. (Although they may differ, these examples are common.):
    %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
    %SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
    %ProgramFiles% = \Program Files

    The following files were analyzed:

  • %USERPROFILE%\local settings\temp\4b665e6bcdb2684179a2ad9204a22f8920bc3319.exe

    • The following registry elements have been created:

  • HKEY_LOCAL_MACHINE\software\classes\clsid\{4f5d84e8-05c4-bb7e-db02-58e74f4565fa}\
    • (default) = nxtwrvlnhrlbskxe

    • Symptoms

    Symptoms -

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Method of Infection -

    Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

    Removal -

    Removal -

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants -

      N/A