W32/Maz.Dropper

Analysis

  • Threat is encoded in VBScript
  • Threat uses VBScript instructions to write a file to the local system as "c:\mware.exe" and then executes it
  • The constructed file "c:\mware.exe" is a 32-bit executable with a UPX-compressed file size of 4096 bytes and is known as W32/Maz. This executable then downloads another Trojan from a preconfigured web address and executes it
  • This threat may have been mass-mailed as spam by a hacker or group of hackers
  • The downloader threat contains these strings:

    Hello, world Inor
