W32/PrettyPark.37376

Analysis

  • Virus is 32-bit with a WWPack32 compressed size of 37,376 bytes
  • Virus icon resembles a character from the adult cartoon "South Park"
  • Virus will copy itself as Files32.vxd to the Windows\System folder
  • Virus may modify the registry to run any time an EXE file is run, as in this
    example -

    HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default) = Files32.vxd "%1" %*

  • Next, the virus will periodically scavenge the address book in Outlook and attempt to email itself to all contacts found - email will be in this format -

    Subject: C:\CoolProgs\Pretty Park.exe
    Attachment: "Pretty Park.exe"

  • Virus may also attempt to connect to the IRC network and join a specific channel, then send data to that channel - this is probably an effort to signal to the author of the virus that a system has become infected
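
A detection check for the registry change described in the list above, as an added example that is not part of the original write-up: it parses the text output of `reg query` and reports every exefile open command that differs from the Windows default `"%1" %*`. The function names and the embedded sample output are constructed for illustration.

```python
import re

# Stock (Default) value of exefile\shell\open\command on Windows.
EXPECTED = '"%1" %*'

# Key header lines and "(Default)" value lines as printed by `reg query`.
KEY_RE = re.compile(r'^(HKEY_[A-Z_]+\\(?:.*\\)?exefile\\shell\\open\\command)$', re.I)
VAL_RE = re.compile(r'^\(Default\)\s+REG_(?:SZ|EXPAND_SZ)(?:\s+(.*))?$')

def injected_handler(value):
    """Return None for the stock value, else the program placed in front of
    (or instead of) the stock command line."""
    v = value.strip()
    if v == EXPECTED:
        return None
    if v.endswith(EXPECTED):
        return v[:-len(EXPECTED)].strip()   # handler prepended, as on the page
    return v                                # value replaced outright

def audit_exefile_handlers(reg_query_output):
    """Return [(key, handler)] for every hijacked exefile open command."""
    findings, key = [], None
    for raw in reg_query_output.splitlines():
        line = raw.strip()
        if line.upper().startswith('HKEY_'):
            m = KEY_RE.match(line)
            key = m.group(1) if m else None  # ignore unrelated keys
            continue
        m = VAL_RE.match(line)
        if key and m:
            handler = injected_handler(m.group(1) or '')
            if handler is not None:
                findings.append((key, handler))
    return findings

# Constructed sample of `reg query` output from an affected host.
SAMPLE = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    Files32.vxd "%1" %*

HKEY_CLASSES_ROOT\txtfile\shell\open\command
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\NOTEPAD.EXE %1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
    (Default)    REG_SZ    Files32.vxd "%1" %*
'''

if __name__ == '__main__':
    for key, handler in audit_exefile_handlers(SAMPLE):
        print(f'HIJACKED {key}: {handler}')
```

Restore the stock value before deleting the referenced file: while the handler is still registered but the file is missing, EXE files will no longer launch.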
