Mal/Behav-103
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Metric | Value |
---|---|
Threat Level | 90 % (High) |
Infected Computers | 11 |
First Seen | October 21, 2011 |
Last Seen | May 22, 2023 |
OS(es) Affected | Windows |
The Mal/Behav-103 Trojan is a dropper Trojan: its main function is to enter a computer system and "drop", or install, other malware, such as worms, rootkits or additional Trojans. Mal/Behav-103 in particular is often used to install a Remote Access Tool, a devastating malware infection that gives criminals the ability to control the infected computer from a distance. Using this tool, an attacker can use the computer infected with Mal/Behav-103 to perform attacks, send out spam email or delete the entire contents of its hard drives. Several components characterize Mal/Behav-103. The infection is protected with Themida, a software protector designed to make it extremely difficult for malware researchers to reverse engineer and dissect how Mal/Behav-103 works. Mal/Behav-103 will usually create a file named "mothersday11-hp" on the infected computer's hard drive, containing most of its active components.
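The paragraph above gives a defender two concrete things to look for on a host: the dropped file name "mothersday11-hp" and Themida protection. The script below is an added example, not EnigmaSoft's or SpyHunter's code. It walks a directory tree, reports any file with that name (case-insensitively, since NTFS is case-insensitive) together with its size and SHA-256, and applies a packer heuristic. The heuristic, that a Themida-protected binary carries a PE section named ".themida", is an assumption of this example and is not stated in the report; the directory tree and the stub PE headers it builds are constructed input, not malware.

```python
"""Host triage for the Mal/Behav-103 indicators described in the report.

Added example, not EnigmaSoft's or SpyHunter's code. Indicators from the
report: dropped file name "mothersday11-hp" and Themida protection.
Assumption (not from the report): Themida protection is flagged by a PE
section named ".themida". The sample tree and stub PE headers are constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path

INDICATOR_NAME = "mothersday11-hp"   # file name stated in the report


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = int.from_bytes(data[0x3C:0x40], "little")        # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    n_sections = int.from_bytes(data[pe_off + 6:pe_off + 8], "little")
    opt_size = int.from_bytes(data[pe_off + 20:pe_off + 22], "little")
    table = pe_off + 24 + opt_size      # section table follows the optional header
    names = []
    for i in range(n_sections):
        hdr = data[table + 40 * i:table + 40 * i + 40]
        if len(hdr) < 40:               # truncated table: stop rather than guess
            break
        names.append(hdr[:8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_themida_protected(data: bytes) -> bool:
    """Heuristic (assumption): a section literally named '.themida' or 'themida'."""
    return any(n.lower().lstrip(".") == "themida" for n in pe_section_names(data))


def triage(root) -> list:
    """Walk root and report every file named like the indicator, with size,
    SHA-256 (for blocklists or sandbox submission) and the packer heuristic."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != INDICATOR_NAME:
                continue
            p = Path(dirpath) / fname
            data = p.read_bytes()
            findings.append({
                "path": str(p),
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "themida_section": looks_themida_protected(data),
            })
    return findings


def build_stub_pe(section_names) -> bytes:
    """Construct a minimal, non-executable PE header with the given section names."""
    pe_off = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + pe_off.to_bytes(4, "little")
    coff = (b"PE\0\0" + (0x14C).to_bytes(2, "little")            # machine: i386
            + len(section_names).to_bytes(2, "little")           # NumberOfSections
            + b"\x00" * 12                                        # timestamp, symbols
            + (0).to_bytes(2, "little") + b"\x00" * 2)            # no optional header
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\x00" * 32 for n in section_names)
    return dos + coff + sections


def build_sample_tree(base) -> str:
    """Construct a small directory tree with one indicator hit among benign files."""
    base = Path(base)
    temp = base / "Users" / "alice" / "AppData" / "Local" / "Temp"
    temp.mkdir(parents=True, exist_ok=True)
    hit = temp / "MotherSday11-HP"                  # odd casing must still match
    hit.write_bytes(build_stub_pe([".themida", ".rsrc"]))
    (temp / "setup.log").write_text("benign text file\n")
    (base / "notepad.exe").write_bytes(build_stub_pe([".text", ".data"]))
    return str(hit)


def demo() -> list:
    """Build the constructed tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        return triage(d)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host you would call `triage()` against the system drive (or the user profile directories) rather than `demo()`. A hit on the file name alone is worth investigating even when the packer heuristic is false, since section names are trivially renamed; the SHA-256 is what to compare against vendor detections such as those in the Aliases table.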
The Mal/Behav-103 and the Colonel Gaddafi Photos Scam
It has become a growing trend among computer criminals to take advantage of high-profile deaths or events. We saw it with the death of Steve Jobs and with the death of Amy Winehouse. Now, the Mal/Behav-103 has been making headlines because of its involvement in a scam that takes advantage of the death of Libyan dictator Moammar Gaddafi. Typically, victims receive a fraudulent email claiming to contain a link to the bloody photographs of the dictator's dead body. Since this has been a trending topic since Moammar Gaddafi's death, it is quite possible that many computer users were tricked by this scam.
The attached file is compressed in .rar format. Decompressing it does not produce any photographs; instead, it installs the Mal/Behav-103 on the victim's computer system. To protect yourself from this scam, ESG security researchers strongly recommend being careful about the links you click. In particular, email attachments from unreliable sources are a common source of malware such as the Mal/Behav-103. These kinds of celebrity death scams are particularly vicious, as they exploit human nature and curiosity to convince victims to download and install the Trojan themselves. ESG malware analysts recommend getting your celebrity news from reputable websites. Also, do not trust any unrequested emails claiming to contain important new information.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
AVG | Suspicion: unknown virus |
Fortinet | W32/Dx.YLD!tr |
Ikarus | Trojan.Win32.Genome |
AhnLab-V3 | Trojan/Win32.HDC |
Antiy-AVL | Trojan/Win32.Genome.gen |
McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious-BAY.K |
AntiVir | TR/Crypt.CFI.Gen |
DrWeb | Trojan.Click2.9619 |
Comodo | Backdoor.Win32.Delf.~DF |
BitDefender | Gen:Trojan.Heur.fm0@sDlVhJci |
Kaspersky | Trojan.Win32.Genome.abnqx |
Avast | Win32:Malware-gen |
Symantec | Trojan.Gen.2 |
McAfee | Artemis!37E6A7BDE5B8 |
CAT-QuickHeal | (Suspicious) - DNAScan |