BAT/Delfiles [Threat Name]

BAT/DelFiles.NBV [Threat Variant Name]

Category: trojan
Size: 185928 B
Detection created: Dec 17, 2012
Detection database version: 7807
Aliases: Trojan.Win32.Maya.a (Kaspersky)
  BatchWiper!dr.trojan (McAfee)
  Trojan:BAT/Wiper.A (Microsoft)
  Trojan.Batchwiper (Symantec)

Short description

BAT/DelFiles.NBV is a trojan that deletes files in specific folders. The file is run-time compressed using RAR, UPX.

Installation

When executed, the trojan creates the following files:

  • %systemroot%\System32\SLEEP.EXE (53760 B)
  • %systemroot%\System32\juboot.exe (33280 B, BAT/DelFiles.NBV)
  • %systemroot%\System32\jucheck.exe (53760 B, BAT/DelFiles.NBV)

The trojan runs the following applications:

  • %systemroot%\System32\juboot.exe
  • %systemroot%\System32\jucheck.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "jucheck.exe" = "%systemroot%\System32\jucheck.exe"

The following files are deleted:

  • %systemroot%\system32\juboot.exe
  • %userprofile%\Start Menu\Programs\Startup\GrooveMonitor.exe

Payload information

If the current system date and time matches certain conditions, it attempts to delete various files and folders including the following:

  • d:\*.*
  • e:\*.*
  • f:\*.*
  • g:\*.*
  • h:\*.*
  • i:\*.*
  • %userprofile%\Desktop\*.*
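
A host check for the artifacts listed under Installation, as an added example that is not part of the original description or the vendor's tooling. The function and variable names are hypothetical, and the SysWOW64 lookup rests on the assumption that the dropper runs as a 32-bit process on 64-bit Windows, where writes to System32 are redirected.

```powershell
# Added example (not the vendor's code). Paths, sizes and the Run value come from
# the description above; function and variable names are hypothetical.
$expected = @{ 'SLEEP.EXE' = 53760; 'juboot.exe' = 33280; 'jucheck.exe' = 53760 }

# Assumption: a 32-bit dropper on 64-bit Windows is redirected from System32 to
# SysWOW64, so both directories are inspected (Sysnative covers a 32-bit shell).
$dirs = 'System32', 'SysWOW64', 'Sysnative' |
    ForEach-Object { Join-Path $env:SystemRoot $_ } |
    Where-Object { Test-Path -LiteralPath $_ }

function Get-DelFilesNbvIndicator {
    foreach ($dir in $dirs) {
        foreach ($name in $expected.Keys) {
            $file = Get-Item -LiteralPath (Join-Path $dir $name) -Force -ErrorAction SilentlyContinue
            if ($file) {
                [pscustomobject]@{
                    Kind      = 'File'
                    Location  = $file.FullName
                    Observed  = "$($file.Length) B"
                    # A size match is a stronger signal than the file name alone.
                    SizeMatch = ($file.Length -eq $expected[$name])
                }
            }
        }
    }

    # The Run value is per-user (HKCU): run this in the affected user's session.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'jucheck.exe' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{
            Kind      = 'RunValue'
            Location  = "$runKey\jucheck.exe"
            Observed  = $run.'jucheck.exe'
            SizeMatch = $null
        }
    }
}

# juboot.exe is also listed among the deleted files, so its absence clears nothing.
Get-DelFilesNbvIndicator | Format-Table -AutoSize -Wrap
```

An empty result only means these specific names were not found for the current user; a file hit whose size does not match the listed value still deserves a closer look before it is dismissed.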
