Win32/Small.L [Threat Name] go to Threat

Win32/Small.L [Threat Variant Name]

Category virus
Size 5322 B
Detection created Jan 14, 2004
Detection database version 1598
Aliases Virus.Win32.Small.l (Kaspersky)
  W32.Madangel (Symantec)
  W32/Alisa.d (McAfee)
Short description

Win32/Small.L is a file infector. The virus tries to download and execute several files from the Internet.

Installation

When executed, the virus creates the following files:

  • %system%\­Serverx.exe (9418 B)

In order to be executed on every system start, the virus sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­WindowsCurrentVersion\­Run]
    • "Serverx" = "%system%\­Serverx.exe"

The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\­SYSTEM\­CurrentControlSet\­Services\­LanmanServer\­Parameters]
    • "AutoShareWks" = 0
    • "AutoShareServer" = 0
Executable file infection

The virus searches for executables with one of the following extensions:

  • .exe
  • .scr

Executables are infected by appending the code of the virus to the last section.


The host file is modified in a way that causes the virus to be executed prior to running the original code.


The size of the inserted code is 5322 B .


It avoids files which contain any of the following strings in their path:

  • winn
  • wind
Other information

The virus contains an URL address. It tries to download a file from the address. The HTTP protocol is used.


The file is stored in the following location:

  • c:\­setupx.dll

The file is then executed.


The virus launches the following processes:

  • %system%\­setupx.exe
  • %system%\­updatex.exe

The virus contains the following text:

  • Angry Angel v3.0

The virus may create and run a new thread with its own program code within any running process.

Please enable Javascript to ensure correct displaying of this content and refresh this page.