VirusSymbOS/Skulls.C!tr
Analysis
SymbOS/Skulls.C!tr - 06-08-06
Installation to System:
- Drops the following files:
C:\System\RECOGS\YYSBootRec.mdl C:\System\RECOGS\$$$.MDL C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.SIS
More Info:
1. It is a Symbian virus, packed in .sis format.
2. Pretends to be a sis pack of FSCaller to cheat user to install it.
3. Drops the following files to disable the relevant applications in the phone:
!:\System\Apps\anti-virus\anti-virus.app
!:\System\Apps\bootdata\bootdata.app
!:\System\Apps\bootdata\bootdata_caption.rsc
!:\System\Apps\data\data.app
!:\System\Apps\data\data_caption.rsc
!:\System\Apps\efileman\efileman.app
!:\System\Apps\fexplorer\fexplorer.app
!:\System\Apps\file\file.app
!:\System\Apps\freakappctrl\freakappctrl.app
!:\System\Apps\freakbtui\freakbtui.app
!:\System\Apps\fscaller\camera0.dll
!:\System\Apps\fscaller\camera1.dll
!:\System\Apps\fscaller\cameraserver.dll
!:\System\Apps\fscaller\fscaller.aif
!:\System\Apps\fscaller\fscaller.app
!:\System\Apps\fscaller\fscaller.mbm
!:\System\Apps\fscaller\fscaller.rsc
!:\System\Apps\fscaller\fscaller_caption.rsc
!:\System\Apps\fscaller\pixel.mbm
!:\System\Apps\nokiaApps\nokiaApps.app
!:\System\Apps\nokiaApps\nokiaApps_caption.rsc
!:\System\Apps\nokiafile\data.cfg
!:\System\Apps\nokiafile\img.mbm
!:\System\Apps\nokiafile\nokiafile.aif
!:\System\Apps\nokiafile\nokiafile.app
!:\System\Apps\nokiafile\nokiafile.rsc
!:\System\Apps\nokiafile\nokiafile_caption.rsc
!:\System\Apps\pjblue\pjblue.aif
!:\System\Apps\pjblue\pjblue.app
!:\System\Apps\pjblue\pjblue_caption.rsc
!:\System\Apps\smartfileman\smartfileman.app
!:\System\Apps\smartmovie\smartmovie.app
!:\System\Apps\Systemexplorer\Systemexplorer.app
4. Attempts to send virus file free$8.SIS to other mobile phone by Bluetooth.
5. Drops an animated GIF of a skull that is displayed once the device is rebooted. The image flashes and contains the text "WARNING!!! Device Have Been Attact By Virus A,Tee ,yuan ,Blue".
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |