Threat Database Worms W32.Ackantta.H@mm

W32.Ackantta.H@mm

W32.Ackantta.H@mm is a mass-mailing worm that can deteriorate the performance of a compromised machine. Once W32.Ackantta.H@mm is inside a computer system it will search for and gather e-mail addresses. Then W32.Ackantta.H@mm will send e-mails with copies of itself attached to them, to all the found e-mail addresses. W32.Ackantta.H@mm may also disable existing security software, which will make the system vulnerable to further attacks.

File System Details

W32.Ackantta.H@mm may create the following file(s):
# File Name Detections
1. HPWuSchdj.exe
2. Dm28sf0V@XK$NX8hOu

Registry Details

W32.Ackantta.H@mm may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"hke8" = "[STRING]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"[PATH TO EXECUTABLE]"
HKEY_LOCAL_MACHINE\Software\HP35
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"HP Software Updater v1.4" = "[PATH TO EXECUTABLE]"
HKEY_CURRENT_USER\Software\HP35
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"hke9" = "[STRING]"

Trending

Most Viewed

Loading...