Win32/Parite [Threat Name] go to Threat

Win32/Parite.B [Threat Variant Name]

Category virus
Aliases Virus.Win32.Parite.b (Kaspersky)
  W32.Pinfi (Symantec)
  Win32.Parite.B (BitDefender)
  Win32.Parite.2 (Dr.Web)
Short description

Win32/Parite.B is a polymorphic file infector.

Installation

When executed the virus drops in folder %temp% the following file:

  • %variable%.tmp (176128 B, Win32/Parite.B.packed)

A string with variable content is used instead of %variable% .


The virus loads and injects the %variable%.tmp library into the following processes:

  • explorer.exe

The following Registry entries are created:

  • [KEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Explorer]
    • "PINF" = %binvalue%
Executable file infection

Win32/Parite.B is a polymorphic file infector.


The virus searches local and network drives for files with one of the following extensions:

  • .exe
  • .scr

Files are infected by adding a new section that contains the virus .


The host file is modified in a way that causes the virus to be executed prior to running the original code.


The size of the inserted code is variable.

Please enable Javascript to ensure correct displaying of this content and refresh this page.