Win32/Mamianune [Threat Name] go to Threat

Win32/Mamianune.A [Threat Variant Name]

Category virus
Detection created Sep 24, 2006
Detection database version 1772
Aliases Email-Worm.Win32.Mamianune.s (Kaspersky)
  Worm:Win32/Mamianune.gen (Microsoft)
  I-Worm/Tuxy.A (AVG)
Short description

Win32/Mamianune.A is a file infector. It is able to spread via e-mail.

Installation

When executed the virus copies itself in the following locations:

  • %system%\­%variable1%.exe

In order to be executed on every system start, the virus sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%variable2%.exe" = "%variable1%.exe"

A string with variable content is used instead of %variable1-2% .

Executable file infection

Win32/Mamianune.A is a file infector.


The virus searches local and network drives for files with one of the following extensions:

  • .ex*

Executables are infected by appending the code of the virus to the last section.


The size of the inserted code is 6 KB .


The host file is modified in a way that causes the virus to be executed prior to running the original code.

Spreading via e-mail

Win32/Mamianune.A is a virus that spreads via e-mail.


E-mail addresses for further spreading are searched for in local files with one of the following extensions:

  • .xm*
  • .ht*
  • .tx*
  • .do*

The sender's address is spoofed.


The message subject is randomly generated.


Body of the message is blank.


The attachment is an executable file of the virus.


The file name is randomly generated.

Other information

The virus may create the following files:

  • %variable%.htm

A string with variable content is used instead of %variable% .

Please enable Javascript to ensure correct displaying of this content and refresh this page.