W32/Taripox.B

Analysis

  • The virus is 32-bit and has a UPX-compressed size of 21,504 bytes
  • When the virus is executed, it writes itself to the Windows folder as “mmoplib.exe”
  • The virus modifies the registry so that it loads at Windows startup:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
    mmopl = C:\Windows\mmoplib.exe
  • When emails are sent via SMTP, the virus may add an infected file attachment to the original email, as in this example:
    [Original]
    To: [anyone]
    Subject: [anything]
    Body: [anything]
    Attachment: [none]

    [Modified]
    To: [anyone]
    Subject: [anything]
    Body: [anything]
    Attachment: [infected file attachment]

  • The virus contains this string:
    W32.Taricone-B.worm@proxy by I.V.E.L.
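
The [Original]/[Modified] pattern above can be checked by comparing a message as the user composed it with the copy seen downstream. This is an added example, not part of the original description; it assumes both copies are available as raw RFC 5322 text, and the addresses, subject, file name and payload in the sample are constructed.

```python
import hashlib
from email import message_from_string, policy
from email.message import EmailMessage

PAYLOAD = b"constructed placeholder bytes"  # constructed, not a real sample

def summarize(raw):
    """Extract To, Subject, body text and attachments from a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    attachments = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment() or part.get_filename():
            data = part.get_payload(decode=True) or b""
            digest = hashlib.sha256(data).hexdigest()
            attachments[digest] = (part.get_filename(), len(data))
    return {"to": str(msg["To"]), "subject": str(msg["Subject"]),
            "body": body.get_content().strip() if body else "",
            "attachments": attachments}

def compare(composed_raw, observed_raw):
    """Report attachments present only in the observed copy, and whether
    To, Subject and Body are otherwise identical (the pattern shown above)."""
    composed, observed = summarize(composed_raw), summarize(observed_raw)
    added = [meta for digest, meta in observed["attachments"].items()
             if digest not in composed["attachments"]]
    unchanged = all(composed[k] == observed[k] for k in ("to", "subject", "body"))
    return {"added": added, "content_otherwise_unchanged": unchanged}

def sample(with_attachment):
    """Build a constructed test message, optionally with an extra attachment."""
    m = EmailMessage()
    m["To"] = "recipient@example.com"      # constructed
    m["Subject"] = "Quarterly notes"       # constructed
    m.set_content("See you on Monday.")
    if with_attachment:
        m.add_attachment(PAYLOAD, maintype="application",
                         subtype="octet-stream", filename="placeholder.bin")
    return m.as_string()

if __name__ == "__main__":
    print(compare(sample(False), sample(True)))
```

A result with a non-empty `added` list and `content_otherwise_unchanged` set to true matches the modification described above and marks the sending host for inspection of the startup entry and file listed earlier.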

Telemetry