SymbOS/Skulls.E

Analysis

  • It is a Symbian virus, packed in .sis format.
  • Displays the following message prompting the user to install:
    • Install Mariya?
  • Drops the following non-functioning files to disable the relevant applications in the phone:
    • C:\System\Apps\Appctrl\Appctrl.aif
    • C:\System\Apps\Appctrl\Appctrl.app
    • C:\System\Apps\BtUi\BtUi.aif
    • C:\System\Apps\BtUi\BtUi.app
    • C:\System\Apps\efileman\efileman.aif
    • C:\System\Apps\efileman\efileman.app
    • C:\System\Apps\FExplorer\FExplorer.aif
    • C:\System\Apps\FExplorer\FExplorer.app
    • C:\System\Apps\File\File.aif
    • C:\System\Apps\File\File.app
    • C:\System\Apps\FileManager\FileManager.aif
    • C:\System\Apps\FileManager\FileManager.app
    • C:\System\Apps\FileView\FileView.aif
    • C:\System\Apps\FileView\FileView.app
    • C:\System\Apps\MediaGallery\MediaGallery.aif
    • C:\System\Apps\MediaGallery\MediaGallery.app
    • C:\System\Apps\mmcapp\mmcapp.aif
    • C:\System\Apps\mmcapp\mmcapp.app
    • C:\System\Apps\Phone\Phone.aif
    • C:\System\Apps\Phone\Phone.app
    • C:\System\Apps\Phonebook\Phonebook.aif
    • C:\System\Apps\Phonebook\Phonebook.app
    • C:\System\Apps\ProfileApp\ProfileApp.aif
    • C:\System\Apps\ProfileApp\profileapp.app
    • C:\System\Apps\SmartFileMan\SmartFileMan.aif
    • C:\System\Apps\SmartFileMan\SmartFileMan.app
    • C:\System\Apps\Startup\Startup.aif
    • C:\System\Apps\Startup\Startup.app
    • C:\System\Apps\SystemExplorer\SystemExplorer.aif
    • C:\System\Apps\SystemExplorer\SystemExplorer.app
    • C:\System\Apps\ThNdRbRd\ThNdRbRd.aif
    • C:\System\Apps\ThNdRbRd\ThNdRbRd.app
    • C:\System\Apps\Voicerecorder\Voicerecorder.aif
    • C:\System\Apps\Voicerecorder\Voicerecorder.app
  • Drops the following files:
    • C:\System\Apps\Mariya\Mariya.APP (Fortinet detects it as SymbOS/Cabir.A!worm)
    • C:\System\Apps\Mariya\Mariya.RSC
    • C:\System\Apps\Mariya\Naw.MDL (Fortinet detects it as SymbOS/Cabir_ezboot.V)
    • C:\System\data\Backgroundimage.mbm
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.SIS (Fortinet detects it as SymbOS/Cabir.D!worm)
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.APP (Fortinet detects it as SymbOS/Cabir.A!worm)
    • C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.RSC
    • C:\System\Recogs\Naw.MDL
  • Attempts to send the virus file Mariya.SIS to other mobile phones via Bluetooth.

Recommended Action

    • Delete all modules and binary files associated with this threat. Replace affected applications with backup copies.

    Detection Availability

    FortiGate
    FortiClient
    FortiAPS
    FortiAPU
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR