Win32/Parite [Threat Name]
Win32/Parite.B [Threat Variant Name]
Category: virus
Aliases:
- Virus.Win32.Parite.b (Kaspersky)
- W32.Pinfi (Symantec)
- Win32.Parite.B (BitDefender)
- Win32.Parite.2 (Dr.Web)
Short description
Win32/Parite.B is a polymorphic file infector.
Installation
When executed, the virus drops the following file in the %temp% folder:
- %variable%.tmp (176128 B, Win32/Parite.B.packed)
A string with variable content is used instead of %variable%.
The virus loads and injects the %variable%.tmp library into the following processes:
- explorer.exe
The following Registry entries are created:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
- "PINF" = %binvalue%
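The two installation artifacts above can be checked on a host during triage. The following is an added example, not part of the original description: it lists .tmp files in a temp folder whose size matches the 176128 B stated here and tests for the "PINF" value under the current user's Explorer key. The function names are hypothetical, and a size match only marks a file as a candidate for scanning, not as confirmed malware.

```python
import os
import sys
from pathlib import Path

DROPPED_SIZE = 176128  # bytes; size of %variable%.tmp as stated in this description
REG_PATH = r"Software\Microsoft\Windows\CurrentVersion\Explorer"
REG_VALUE = "PINF"


def find_dropped_candidates(temp_dir):
    """Return .tmp files directly under temp_dir whose size equals DROPPED_SIZE."""
    hits = []
    for entry in os.scandir(temp_dir):
        try:
            if (entry.is_file(follow_symlinks=False)
                    and entry.name.lower().endswith(".tmp")
                    and entry.stat(follow_symlinks=False).st_size == DROPPED_SIZE):
                hits.append(Path(entry.path))
        except OSError:
            continue  # file vanished or is locked; skip it
    return sorted(hits)


def pinf_value_present():
    """True/False on Windows for the current user's hive; None where not checkable."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only standard library module
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_PATH) as key:
            winreg.QueryValueEx(key, REG_VALUE)
            return True
    except FileNotFoundError:
        return False  # key or value does not exist


def triage(temp_dir):
    """Collect both indicators into one report dictionary."""
    return {"dropped_candidates": find_dropped_candidates(temp_dir),
            "pinf_value": pinf_value_present()}


if __name__ == "__main__":
    report = triage(os.environ.get("TEMP", "/tmp"))
    for path in report["dropped_candidates"]:
        print("candidate dropped file:", path)
    print("PINF value present:", report["pinf_value"])
```

The registry key is under HKEY_CURRENT_USER, so the check only covers the account the script runs as; repeat it per user profile on a shared machine.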
Executable file infection
Win32/Parite.B is a polymorphic file infector.
The virus searches local and network drives for files with one of the following extensions:
- .exe
- .scr
Files are infected by adding a new section that contains the virus.
The host file is modified in a way that causes the virus to be executed prior to running the original code.
The size of the inserted code is variable.