A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #14623  by hx1997
 Fri Jul 13, 2012 10:35 pm
360Tencent wrote:W32.Morto.B

http://www.symantec.com/connect/blogs/w ... ts-arsenal
W32.Morto first surfaced in August 2011 causing a stir when it targeted weak passwords on Remote Desktop Protocol Connections in order to propagate across networks. W32.Morto.B, the new variant, now has the ability to infect executable files on a compromised computer.
Got a sample.

Virus:Win32/Morto.A
MD5: 001104C582C51C272F8027F143750C7F
SHA1: 8B8C00E33300B029BD42A2D7695D3E77A98FF759

https://www.virustotal.com/file/6505811 ... /analysis/
Attachments
infected
(181.05 KiB) Downloaded 162 times