| Name: | Maldal |
| Aliases: | W32.Maldal.C@mm, W32.Zacker.C@mm, W32.Reeezak.A@mm, Zacker, Reezak, Kerzac, Worm_Maldal.C, W32/Keyluc@MM, Keyluc, Christmas worm, Dismissed, Peace worm, VBS/Dismissed, Hallad, I-worm.Hallad, |
| Ports: | |
| Files: | Christmas.exe - 37,376 bytes Luckey.exe - 81,920 bytes Dallah.exe - Malal.exe - Sharoon ####.exe - Bush ####.exe - ZA-Union ####.exe - BinLadin ####.exe - Dala.htm - Dalal.htm - Dallah.htm - Flopy.vbs - Hide.pif - Outlook.vbs - Rol.vbs - Rols.dr - Server.vbs - Zacker.pif - Zacker.vbs - Fixerdata.exe - Data.exe - Test.exe - Test.txt - #### is a number between 1 and 9999. - 11,264 bytes - 21,504 bytes (version K) - 23,552 bytes - 24,064 bytes |
| Created: | Dec 2001 |
| Requires: | Visual Basic runtime libraries - - are required to run the trojan. |
| Actions: | Anti-protection trojan / Keylogger / Steals passwords / Virus / Worm / Mail trojan / Network trojan / MSN trojan / Peer-to-peer trojan / IRC trojan / Destructive trojan |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ | |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ | |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start page HKUsers\.DEFAULT\Software\Microsoft\InternetAccountManager\Accounts\00000001\SMTP Email AddressHKUsers\.DEFAULT\Software\Microsoft\Office\Outlook\OMIAccountManager\Accounts\00000001\SMTP Email Address | |
| HKEY_LOCAL_MACHINE\Software\ | |
| Notes: | Works on Windows, together with MS Outlook, MS Internet Explorer, MS MSN Messenger and mIRC. Used homepages are http://geocities.com/Jobreee/main.htm and http://www.orst.edu/groups/msa/everwonder.swf. |
| Country: | |
| Program: | Written in Visual Basic 6.0. |