W32/Graps.A

Analysis

  • Virus resembles BAT/Mumu in its spreading technique and in its attempts to access user accounts
  • Virus contains several components -
    MWD.EXE (53,248 bytes) – copy of virus
    WDS.BAT (1,229 bytes) – Batch script installer
    WDS2.BAT (500 bytes) – Batch script installer
    WDS3.BAT (544 bytes) – Batch script installer
    PSEXEC.EXE – freeware utility used to initiate applications as a process
    MSWINSK.OCX – ActiveX program used for Winsock connectivity
  • Virus scans the network for potential target hosts – if one is found, Virus attempts to connect and copy itself to that target system – the files contained within the viral package are listed above
  • Virus attempts to map to target systems using the Administrator account in Windows NT/2000 English or French versions (Administrator, Administrateur, Administrador, admin) – the virus attempts to connect using the following passwords –
    ""
    "admin"
    "administrator"
    "password"
    "server"
    "123"
    "KKKKKKK"
  • Virus contains the string “mwd Storm of Grasp” in its code
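
A detection sketch for the behaviour described above, added here as an example and not part of the original write-up: it flags any source whose failed logons against the listed administrator account names reach several hosts within a short window. The CSV log layout, host names, addresses, timestamps, thresholds and function names are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Account names the write-up says the virus tries (compared case-insensitively).
ADMIN_NAMES = {"administrator", "administrateur", "administrador", "admin"}

# Constructed sample: failed network logons as "time,source,target,account".
# The CSV layout and every host, address and timestamp are assumptions.
SAMPLE = """\
2003-05-01T10:00:01,10.0.0.5,FILESRV1,Administrator
2003-05-01T10:00:02,10.0.0.5,FILESRV1,Administrator
2003-05-01T10:00:04,10.0.0.5,FILESRV1,Administrateur
2003-05-01T10:00:09,10.0.0.5,WKSTN07,Administrator
2003-05-01T10:00:11,10.0.0.5,WKSTN07,admin
2003-05-01T10:00:15,10.0.0.5,WKSTN12,Administrador
2003-05-01T10:03:00,10.0.0.9,FILESRV1,jsmith
2003-05-01T10:20:00,10.0.0.7,FILESRV1,Administrator
2003-05-01T11:45:00,10.0.0.7,WKSTN07,Administrator
"""

def parse(text):
    """Yield (time, source, target, account) from the CSV lines, skipping blanks."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, acct = (f.strip() for f in line.split(","))
            yield datetime.fromisoformat(ts), src, dst, acct.lower()

def find_spreaders(text, window=timedelta(minutes=5), min_hosts=3):
    """Return {source: sorted targets} for sources whose failed admin-account
    logons reach at least min_hosts distinct hosts within one time window."""
    by_src = defaultdict(list)
    for ts, src, dst, acct in parse(text):
        if acct in ADMIN_NAMES:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {dst for _, dst in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[src] = sorted(hosts)
                break
    return flagged
```

Calling `find_spreaders(SAMPLE)` flags only the source that tried the administrator name variants on three hosts within seconds; the single admin retrying slowly on two hosts and the ordinary user failure are ignored.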
