|
|
Win32.Maya.410 Viruses Information
| Name: |
Win32.Maya.410 |
| Category: |
Viruses |
| Description:
|
Details
Win32.Maya.4106
To get access to Windows functions the virus scans KERNEL32 export table, gets the GetProcAddress function address and then by using this value gets addresses of necessary functions:
KERNEL32.DLL:
GetModuleHandleA GetProcAddress CreateFileA WriteFile GetFileSize
CreateFileMappingA MapViewOfFile UnmapViewOfFile CloseHandle
FindFirstFileA FindNextFileA FindClose SetFilePointer SetEndOfFile
GetCurrentDirectoryA SetCurrentDirectoryA GetFileAttributesA
SetFileAttributesA GetSystemTime GetWindowsDirectoryA
USER32.DLL and ADVAPI32.DLL:
RegOpenKeyExA RegSetValueExA MessageBoxA SystemParametersInfoA
The "per-process resident" code of the virus scans current (host) process imports table and hooks following Windows file access functions, if the process imports them:
MoveFileA CopyFileA CreateFileA DeleteFileA SetFileAttributesA
GetFileAttributesA GetFullPathNameA CreateProcessA
The virus also contains the text strings:
To Aparna S. : Forever in love with youall
AYAM
IAHS
Control PanelDesktop
TileWallpaper
WallpaperStyle
SLAM.BMP |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Shoe.190
Siskin.94
Imi.1536.
Devastator.30
I-Worm.Pil
Nostardamus famil
Glue.4000.
Klepavka.88
Macro.Word97.Bpt
Mal famil
|
|
