W32/Blebla.A

Analysis

  • The virus is a combination exploit: it uses both an IFRAME exploit and a cache-bypass exploit to execute without user intervention
  • The virus consists of two files, ROMEO.EXE and JULIET.CHM; both are encoded within an HTML-format email message, which the virus creates
  • ROMEO.EXE is 32-bit, with a size of 29,184 bytes, and is UPX compressed.
    JULIET.CHM is a compiled HTML file, with a size of 6,406 bytes.
  • Because of the way the HTML is coded, when an infectious email is received and the user either previews or opens it in Outlook, the two files are saved to the Windows\Temp folder and then executed directly
  • The virus reads contact names from the Windows address book and sends emails in HTML format with the two files attached
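
A mail-gateway style check for the traits listed above, as an added example that is not part of the original write-up: it walks a message's MIME parts and reports the two file names, whether their decoded sizes match the figures given, and whether the HTML body contains an IFRAME. The function names, the result keys and the sample messages are assumptions made for illustration; the sample attachments are zero-filled bytes.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the description above: attachment names and sizes.
EXPECTED = {"romeo.exe": 29184, "juliet.chm": 6406}
IFRAME_RE = re.compile(rb"<\s*iframe\b", re.IGNORECASE)

def inspect_message(raw: bytes) -> dict:
    """Return which of the described traits a raw RFC 822 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    names, size_match, html_iframe = set(), set(), False
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        fname = (part.get_filename() or "").strip().lower()
        if fname in EXPECTED:
            names.add(fname)
            if len(payload) == EXPECTED[fname]:
                size_match.add(fname)
        elif part.get_content_type() == "text/html" and IFRAME_RE.search(payload):
            html_iframe = True
    return {
        "names": sorted(names),
        "size_match": sorted(size_match),
        "html_iframe": html_iframe,
        # Both file names in one message is the strong signal; sizes and the
        # IFRAME are corroborating (a repacked file would change the size).
        "suspect": set(EXPECTED) <= names,
    }

def build_sample(with_files: bool) -> bytes:
    """Constructed test message; attachment bodies are zero bytes, not malware."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", "constructed"
    m.set_content("<html><body><iframe></iframe></body></html>", subtype="html")
    if with_files:
        for name, size in (("ROMEO.EXE", 29184), ("JULIET.CHM", 6406)):
            m.add_attachment(bytes(size), maintype="application",
                             subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample(True)))
    print(inspect_message(build_sample(False)))
```

An IFRAME on its own is common in legitimate HTML mail, so only the pair of file names sets `suspect`.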
