Virus

W32/Hantaner.A

Analysis

  • The virus is 32-bit, with a UPX-compressed viral body of 24064 bytes
  • The virus locates the Kazaa file-sharing folder by reading the registry and attacks EXE files. Files are infected by prepending: the virus copies itself to the beginning of each host file
  • The virus is written in Delphi and contains the following string, which is a derivative of the virus name:

    HANTA-Vjoiner
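
The prepending layout described above can be checked for during triage. The following is an added example, not part of the original analysis: it flags an EXE that has a second MZ/PE header exactly 24064 bytes in, and carves the bytes after that offset. It assumes the host is stored unmodified immediately after the viral body; the function names and the sample images are constructed for illustration.

```python
import struct
from typing import Optional

VIRAL_BODY_SIZE = 24064  # UPX-compressed viral body size given in the analysis


def pe_header_at(data: bytes, base: int) -> bool:
    """Return True if a structurally valid MZ/PE header starts at `base`."""
    if len(data) < base + 0x40 or data[base:base + 2] != b"MZ":
        return False
    # e_lfanew (DOS header offset 0x3C) locates the PE signature,
    # relative to the start of that image.
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    pe_off = base + e_lfanew
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"


def looks_prepended(data: bytes) -> bool:
    """Heuristic: a PE at offset 0 and a second PE right after the viral body."""
    return pe_header_at(data, 0) and pe_header_at(data, VIRAL_BODY_SIZE)


def carve_host(data: bytes) -> Optional[bytes]:
    """Return the bytes after the viral body (assumed to be the original host)."""
    return data[VIRAL_BODY_SIZE:] if looks_prepended(data) else None


def fake_pe(size: int) -> bytes:
    """Constructed sample image: zero-filled, with MZ and PE signatures only."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\x00\x00"
    return bytes(img)


if __name__ == "__main__":
    clean = fake_pe(4096)                        # constructed stand-in for a host EXE
    infected = fake_pe(VIRAL_BODY_SIZE) + clean  # constructed prepended layout
    print(looks_prepended(clean), looks_prepended(infected))
    print(carve_host(infected) == clean)
```

A match is a triage signal only; confirm with an antivirus scan before treating a carved file as clean.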