Win32/Mira [Threat Name] go to Threat

Win32/Mira.A [Threat Variant Name]

Category worm
Size 489184 B
Detection created Apr 22, 2014
Detection database version 10381
Aliases Trojan.Win32.Agent.icgh (Kaspersky)
Short description

Win32/Mira.A is worm that attempts to copy itself to the root of any accessible disk volumes.

Installation

When executed, the worm copies itself into the following location:

  • %commonappdata%\­Saaaalamm\­Mira.h

The worm creates the following file:

  • %commonappdata%\­%variable%.exe (465254 B, Win32/Mira.A)

A string with variable content is used instead of %variable% .


In order to be executed on every system start, the worm sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "Microsoft® Windows® Operating System" = "%commonappdata%\­%variable%.exe"
Spreading

The worm copies itself into the root folders of all drives with the filename based on the name of an existing file or folder. The extension of the file is ".exe" .

Please enable Javascript to ensure correct displaying of this content and refresh this page.