W32.Binghe


Aliases: W32/Binghe
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 02 Oct 2002
Damage: Low

Characteristics: W32.Binghe is a worm capable of copying itself to the G, F, D and E drives if those drives are writable. It is also known to drop the malware Backdoor.Darksun onto the compromised computer system.

More details about W32.Binghe

W32.Binghe is the detection name for a group of malware files targeting the Microsoft Windows operating system platform. On successful execution the malware creates several files: Win32.exe, Sysddzl.dll, Systempm.exe and ~Temddz in the directory C:\Windows\System, and ~Mssetup.exe and Autorun.inf on the G, F, D and E drives. The file Win32.exe is the main executable of the Backdoor.Darksun Trojan. Its attributes are set to system and hidden, it is compressed using UPX, and it is 266,391 bytes long. When this file is launched, it copies itself to C:\Windows\System\Msvcdd.exe, with attributes set to system and read-only. Systempm.exe is a duplicate of Win32.exe, and Sysddl.dll and ~temddz are non-viral text files.

According to several reports, all copies of Autorun.inf and ~mssetup.exe also have their attributes set to hidden. The ~mssetup.exe file contains W32.Binghe itself, while the Autorun.inf file contains the text [AUTORUN] open="~mssetup.exe". Research shows that W32.Binghe is also a backdoor: it allows unauthorized access to a compromised computer, logs keystrokes, takes data, and can execute different applications.
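
The drive-root artifacts described above can be checked for with a short script. The following is an added example, not part of the original write-up or of any vendor tool: it parses an Autorun.inf file, reports its open= target, and lists any of the file names mentioned on this page that are present in a directory. The function names are hypothetical and the sample directory in the demo is constructed.

```python
import os
import tempfile

# File names taken from the write-up above (compared case-insensitively).
DRIVE_ROOT_NAMES = {"~mssetup.exe", "autorun.inf"}
# The page spells the DLL two ways (Sysddzl.dll / Sysddl.dll); both are listed.
SYSTEM_DIR_NAMES = {"win32.exe", "systempm.exe", "msvcdd.exe",
                    "sysddzl.dll", "sysddl.dll", "~temddz"}

def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased."""
    values, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            # The page shows the header and open= on one line; keep the remainder.
            line = line[len("[autorun]"):].strip() if in_section else ""
        if in_section and "=" in line:
            key, _, val = line.partition("=")
            # Strip straight and typographic quotes around the value.
            values[key.strip().lower()] = val.strip().strip('"\u201c\u201d ')
    return values

def matches(directory, names):
    """Names from `names` present in `directory`, matched case-insensitively."""
    return sorted(n for n in os.listdir(directory) if n.lower() in names)

def check_drive_root(root):
    """Report the page's drive-root indicators for one drive or mounted image."""
    found = matches(root, DRIVE_ROOT_NAMES)
    target = None
    for name in found:
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), errors="replace") as fh:
                target = parse_autorun(fh.read()).get("open")
    suspicious = target is not None and target.lower() == "~mssetup.exe"
    return {"files": found, "open_target": target, "suspicious": suspicious}

if __name__ == "__main__":
    # Constructed sample: an empty placeholder file, not a real sample.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "Autorun.inf"), "w") as fh:
            fh.write('[AUTORUN]\nopen="~mssetup.exe"\n')
        open(os.path.join(root, "~mssetup.exe"), "wb").close()
        print(check_drive_root(root))
```

Hidden and system files are still returned by os.listdir, so the attributes described above do not hide these names from the check. Use matches(path, SYSTEM_DIR_NAMES) for the C:\Windows\System file names.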