Nimda


Name: Nimda
Aliases: Concept Virus (CV) v.5, W32.Nimda, Minda, W32.Minda, I-Worm.Nimda, Code Rainbow, PE_Nimda.A, CV-5
Ports: 25, 69, 80, 137, 138, 139, 445
Files:
  Readme.exe - 57,344 bytes (version A)
  Load.exe -
  Sample.exe - (version E)
  Mmc.exe - overwritten by worm
  Csrss.exe - (version E)
  Readme.eml - 120 bytes
  Puta!!.eml - (version B)
  Puta!!.scr - (version B)
  ???.eml -
  ???.nws -
  Riched20.dll - (version A, the original file is overwritten by Nimda, and replaced)
  Admin.dll -
  Httpodbc.dll - (version E)
  Wininit.ini -
  Mep*.tmp.exe - (version A)
  Mep*.tmp - (version A)
  - 24,576 bytes (??)
  - 26,112 bytes (version Q)
  - 26,624 bytes (version J)
  - 27,136 bytes (version B)
  - 28,672 bytes (version C)
  - 844,800 bytes (version I)
Created: Sep 2001
Requires:
Actions: Virus / Worm / Mail trojan / Network trojan / Hacking tool
Registers:
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MapMail, Cache
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folder, Cache
Notes: Works on Windows 95, 98, ME, NT, 2000 and XP, together with MS Internet Information Server (IIS), MS Internet Explorer 5.5 SP1, MS Outlook, MS Outlook Express and MS Word.
Country:
Program:

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>