By GoldSparrow in Worms

Threat Scorecard

Ranking: 6,402
Threat Level: 50 % (Medium)
Infected Computers: 2,007
First Seen: September 16, 2015
Last Seen: November 11, 2022
OS(es) Affected: Windows

Worm.Mira is a polymorphic worm capable of spreading by creating copies of itself in several folders on infected systems. What is a polymorphic threat? Malware of this kind continually changes its own features to avoid detection for as long as possible. Many of the known threats today can be polymorphic: not just worms but also trojans, keyloggers, and more. Polymorphic techniques often include changing a threat's identifiable characteristics, such as file names and encryption algorithms, so that the threat stays ahead of detection techniques.

In this case, Mira mimics existing folders and files by creating an executable bearing the same name. Mira then marks the original folder or file as hidden, so that the executable replaces it in the 'eyes' of the system. The mimic uses a folder or file icon and opens the associated folder when executed, just as the original would. The mimics may be spotted if the Windows settings are changed to show hidden files. Mira also attempts to add files to all removable drives, so users should keep that in mind if they try to restore backups to an already infected system.

Signs of infection may include the creation of new files with the following names:

  • %APPDATA%\Saaaalamm\Mira.h
  • %APPDATA%\[a-z]{5,6}.exe
  • %SYSTEMDRIVE%\Program Files .exe
  • \System Volume Information .exe
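
The mimic behaviour and the file-name indicators above can be turned into a simple directory check. The following is an added example, not code from the original page or from any vendor tool: it flags visible `.exe` files whose name matches a hidden sibling. The names `Entry`, `find_mimics`, `looks_like_dropper` and `list_dir` and the sample listing are assumptions made for illustration.

```python
import os
import re
import sys
from typing import Iterable, List, NamedTuple

HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit

class Entry(NamedTuple):
    name: str
    hidden: bool

# Weak signal from the indicator list: %APPDATA%\[a-z]{5,6}.exe
RANDOM_EXE = re.compile(r"[a-z]{5,6}\.exe")

def looks_like_dropper(name: str) -> bool:
    """True for 5-6 lowercase letters + .exe; legitimate tools can match too."""
    return RANDOM_EXE.fullmatch(name) is not None

def find_mimics(entries: Iterable[Entry]) -> List[str]:
    """Visible .exe files whose base name equals a hidden sibling's name."""
    entries = list(entries)
    hidden = {e.name.lower() for e in entries if e.hidden}
    hits = []
    for e in entries:
        lower = e.name.lower()
        if e.hidden or not lower.endswith(".exe"):
            continue
        base = lower[:-4]
        # Listed indicators carry a space before ".exe"; accept both forms.
        if base in hidden or base.rstrip() in hidden:
            hits.append(e.name)
    return hits

def list_dir(path: str) -> List[Entry]:
    """Read one directory; the hidden flag is only populated on Windows."""
    out = []
    with os.scandir(path) as it:
        for d in it:
            try:
                attrs = getattr(d.stat(follow_symlinks=False), "st_file_attributes", 0)
            except OSError:
                attrs = 0
            out.append(Entry(d.name, bool(attrs & HIDDEN)))
    return out

# Constructed sample listing (not taken from a real infection).
SAMPLE = [Entry("Photos", True), Entry("Photos .exe", False),
          Entry("report.docx", True), Entry("report.docx.exe", False),
          Entry("setup.exe", False), Entry("Music", False)]

if __name__ == "__main__":
    listing = list_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(find_mimics(listing))
```

Run without arguments it checks the constructed sample; given a directory path on Windows it checks that directory's real attributes.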


File System Details

Worm.Mira creates the following file(s):
| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | HELP_DECRYPT.HTML .exe | 670dbb2ddd39c981830eeab5229ced3a | 0 |

Registry Details

Worm.Mira creates the following registry entry or registry entries:
%ALLUSERSPROFILE%\Application Data\Saaaalamm

