Analysis by: Rhena Inocencio

ALIASES:

Worm:Win32/Gamarue (Microsoft), Trojan.Win32.Agent.ifal (Kaspersky)

PLATFORM:

Windows


  • Threat Type: Worm

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This worm is used to load and execute a file.

  TECHNICAL DETAILS

File Size: Varies
File Type: DLL
Initial Samples Received Date: 03 Jun 2015

Arrival Details

This malware arrives via the following means:

  • Arrives via removable drives
  • Dropped as a component by the GAMARUE malware family
  • Executed by the LNK component of the GAMARUE malware family

Other Details

This worm requires the following file to exist in order to run properly:

  • {removable drive letter}:\IndexerVolumeGuid

It is used to load and execute the following file:

  • {removable drive letter}:\IndexerVolumeGuid