JavaScript support is required for our site to be fully operational in your browser.
Win32.HLLO.Siggen.5
Added to the Dr.Web virus database:
2019-08-14
Virus description added:
2019-08-14
Technical Information
To ensure autorun and distribution
Modifies the following registry keys
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicrosoftВ® WindowsВ® Operating System' = '%ALLUSERSPROFILE%\Application Data\xxvvra.exe'
Modifies file system
Creates the following files
%ALLUSERSPROFILE%\application data\xxvvra.exe
C:\recycler .exe
%ProgramFiles% .exe
C:\pagefile.sys .exe
C:\ntldr .exe
C:\ntdetect.com .exe
C:\msocache .exe
C:\system volume information .exe
C:\msdos.sys .exe
C:\io.sys .exe
C:\documents and settings .exe
C:\config.sys .exe
C:\boot.ini .exe
C:\autoexec.bat .exe
%ALLUSERSPROFILE%\application data\saaaalamm\mira.h
<Current directory> .exe
%WINDIR% .exe
Sets the 'hidden' attribute to the following files
%ALLUSERSPROFILE%\application data\saaaalamm\mira.h
Miscellaneous
Creates and executes the following
'%ALLUSERSPROFILE%\application data\xxvvra.exe'
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK