Some data about this virus:
COVERT ANALYSIS OF: NRCS.EXE
- File Names Used: 237
- Paths Used: 35
- Common File Name: NRCS.EXE
- Common Path: %windir%\nt\
- Vendor Information: No Vendor details specified
- NRCS.EXE may use 237 or more path and file names, these are the most common:
- 1 :%WINDIR%\SYSTEM32\1.TMP
- 2 :%WINDIR%\SYSTEM32\18.TMP
- 3 :%WINDIR%\SYSTEM32\1C.TMP
- 4 :%WINDIR%\SYSTEM32\2.TMP
- 5 :%WINDIR%\SYSTEM32\24.TMP
- 6 :%WINDIR%\SYSTEM32\3.TMP
- 7 :%WINDIR%\SYSTEM32\384.TMP
- 8 :%WINDIR%\SYSTEM32\4.TMP
- 9 :%WINDIR%\SYSTEM32\42.TMP
- 10:%WINDIR%\SYSTEM32\45.TMP
- File Name Structure: Common
- File and Path Structure: Suspicious, unusually high number of file and path combinations
2. RELATIONSHIP ANALYSIS OF: NRCS.EXE
- Malicious Objects Created: 1 objects
- Malicious Creators: 3
- Malware Run Keys: Creates registry run keys for known malware objects
- Self Persists: Yes, creates copies of itself
- Antivirus Detection: No third party antivirus detection observed
- Anti-Spyware Detection: No third party anti-spyware detection observed
3. ACTIVITY ANALYSIS OF: NRCS.EXE
- The following behaviors have been observed for this object:
- Installs programs.
- Deletes programs.
- Invokes dll components.
- Registers Browser Help Objects.
- Creates Run Keys.
- Creates Run Once Keys.
- Runs other programs.
- Communicates with web sites using httpout protocols.
- Has mass mail capabilities.
- Communicates with other computers across the web.
- Scans active processes.
- Hijacks running processes.
- Creates registry entries.
- Creates run keys for known malware.
- Creates known malware.
- Creates copies of itself.
4. PROPAGATION ANALYSIS OF: NRCS.EXE
- Malware Group Propagation Rate: Moderate (spreading)
- Malware Group: Generic Password Stealers
- Copyright Prevx Limited 2005, 2006