
P2P-Worm.Win32.Harex.a

Other versions: .b, .c

Aliases
P2P-Worm.Win32.Harex.a (Kaspersky Lab) is also known as: Worm.P2P.Harex.a (Kaspersky Lab), W32/Spybot.worm.gen.e (McAfee), W32.Mexer.C.Worm (Symantec), W32/Harex-A (Sophos), Win32/P2P.Harex.A (RAV), WORM_HAREX.A (Trend Micro), Worm/P2P.Harex.A (H+BEDV), W32/Harex.A (FRISK), Worm/Harex.A (Grisoft), Win32.P2P.Harex.A (SOFTWIN), Worm Generic (Panda), Win32/Harex.A (Eset)
Description added: Aug 29 2003
Behavior: P2P Worm
Technical details
Harex.a is an Internet worm that spreads via the peer-to-peer file-sharing networks Kazaa and iMesh. The worm is a Windows PE EXE file, approx. 15KB in size when compressed with PE Patch, Telock, PECompact.

Installation
When installing, the Harex.a worm creates a subdirectory called 'os32' in the Windows directory and writes itself to this subdirectory using the following names:


Website Hacker.exe
Html Hacker.exe
Blowfish Decrypter.exe
Upx Unpacker.exe
Upx Unscrambler.exe
Upx Decrypter.exe
Upx Encrypter.exe
PeCompact Unpacker.exe
32lite Unpacker.exe
624 Unpacker.exe
aPack Unpacker.exe
aplib Unpacker.exe
avpack Unpacker.exe
axe Unpacker.exe
diet Unpacker.exe
epack Unpacker.exe
lglz Unpacker.exe
lzexe Unpacker.exe
megalite Unpacker.exe
pack Unpacker.exe
pklite Unpacker.exe
pk smart Unpacker.exe
pmode Unpacker.exe
pro-pack Unpacker.exe
rjcrush Unpacker.exe
rucc Unpacker.exe
syspack Unpacker.exe
vacuum Unpacker.exe
wwpack Unpacker.exe
XE Unpacker.exe
Xpack Unpacker.exe
Aspack Unpacker.exe
cExe Unpacker.exe
pc shrinker Unpacker.exe
Fsg Unpacker.exe
Neolite Unpacker.exe
Pe Diminisher Unpacker.exe
Petite Unpacker.exe
Gpx Unpacker.exe
Gupx Unpacker.exe
WWPack32 Unpacker.exe
Hotmail hacker.exe
aim hacker.exe
msn hacker.exe
mirc hacker.exe
irc hacker.exe
pirch hacker.exe
outlook express hacker.exe
outlook hacker.exe
email hacker.exe
pop hacker.exe
smtp hacker.exe
ssh hacker.exe
telnet hacker.exe
windows hacker.exe
dos hacker.exe
linux hacker.exe
unix hacker.exe
mac hacker.exe
network hacker.exe
nmapnt32.exe
nmap.exe
win32 hacker.exe
win16 hacker.exe
hacker.exe
Borland c++ Crack.exe
Microsoft C Crack.exe
Microsoft C++ Crack.exe
Microsoft Crack.exe
Macromedia Crack.exe
Windows Crack.exe
Xp Crack.exe
2k Crack.exe
98 Crack.exe
Encryption Crack.exe
Fbi hack.exe
Cia Hack.exe
Whitehouse Camera.exe
The Sims Superstar cheats.exe
Wild Rides Water Park Factory cheats.exe
Next Generation Tennis 2003 cheats.exe
Finding Nemo cheats.exe
Naval Campaigns Guadalcanal cheats.exe
Squad Battles Advance of the Reich cheats.exe
Enter the Matrix cheats.exe
Rise of Nations cheats.exe
Grand Theft Auto Vice City cheats.exe
Magnetic cheats.exe
Big Mutha Truckers cheats.exe
Robocop cheats.exe
Bloodrayne cheats.exe
The Sims Superstar crack.exe
Wild Rides Water Park Factory crack.exe
Next Generation Tennis 2003 crack.exe
Finding Nemo crack.exe
Naval Campaigns Guadalcanal crack.exe
Squad Battles Advance of the Reich crack.exe
Enter the Matrix crack.exe
Rise of Nations crack.exe
Grand Theft Auto Vice City crack.exe
Magnetic crack.exe
Big Mutha Truckers crack.exe
Robocop crack.exe
Bloodrayne crack.exe
The Sims Superstar update.exe
Wild Rides Water Park Factory update.exe
Next Generation Tennis 2003 update.exe
Finding Nemo update.exe
Naval Campaigns Guadalcanal update.exe
Squad Battles Advance of the Reich update.exe
Enter the Matrix update.exe
Rise of Nations update.exe
Grand Theft Auto Vice City update.exe
Magnetic update.exe
Big Mutha Truckers update.exe
Robocop update.exe
Bloodrayne update.exe

The worm registers this subdirectory in the Windows registry as Local Content (a shared folder) for the Kazaa and iMesh file-sharing systems. The entries are below:

HKCU\Software\Kazaa\LocalContent
HKCU\Software\Kazaa\Transfer
  dir0 = 012345:%Windir%\system\os32\

HKCU\Software\iMesh\Client\LocalContent
  dir0 = 012345:%Windir%\system\os32\
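
A way to check a machine for the share entries listed above. This is an added example, not code from the original description. It scans the text of a regedit export of HKCU for `dirN` values under the Kazaa and iMesh keys and generalizes the page's single case by flagging any shared folder located under the Windows directory, not only 'os32'. The function names, the sample export and the default `C:\WINDOWS` path are assumptions.

```python
import re

# Constructed sample in .reg export text form (not taken from an infected host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Kazaa\LocalContent]
"dir0"="012345:C:\\WINDOWS\\system\\os32\\"
"dir1"="012345:C:\\Documents and Settings\\user\\My Shared Folder"

[HKEY_CURRENT_USER\Software\iMesh\Client\LocalContent]
"dir0"="012345:C:\\WINDOWS\\system\\os32\\"

[HKEY_CURRENT_USER\Software\Other\LocalContent]
"dir0"="012345:C:\\WINDOWS\\system\\os32\\"
'''

# Keys named on the page (HKCU spelled out the way regedit exports it).
WATCHED_KEYS = {
    r"hkey_current_user\software\kazaa\localcontent",
    r"hkey_current_user\software\kazaa\transfer",
    r"hkey_current_user\software\imesh\client\localcontent",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(dir\d+)"="(.*)"$', re.IGNORECASE)


def shared_path(data):
    """Undo .reg escaping and drop the numeric '012345:' prefix shown on the page."""
    text = data.replace("\\\\", "\\").replace('\\"', '"')
    prefix, sep, rest = text.partition(":")
    return rest if sep and prefix.isdigit() else text


def find_suspicious_shares(reg_text, windir=r"C:\WINDOWS"):
    """Return (key, value, path) for P2P shares located under the Windows directory."""
    hits, key = [], None
    root = windir.rstrip("\\").lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower() in WATCHED_KEYS:
            path = shared_path(m.group(2))
            if path.lower().startswith(root):
                hits.append((key, m.group(1), path))
    return hits
```

Regedit writes export files as UTF-16, so decode the file to text before passing it in.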

Other
The Harex.a worm downloads the file 'cnets.Ocatch.com' from a server via the Internet. This file is saved to the root directory of drive C: under the name 'Win32.exe'. Once the file is downloaded, the worm executes it. The 'Win32.exe' file is likely either a new version of the Harex worm or another malicious program.

 

Copyright © 1996 - 2010
Kaspersky Lab
All rights reserved
 
