Severity
Medium
Analysis Summary
W32/Shodi-F – a virus targeting Windows platform – seeks to infect all files with the EXE extension, except for specific Windows system files. W32/Shodi-F specifically targets Scandskw.exe, Winmine.exe, Sol.exe, Pbrush.exe, and Notepad.exe files in the Windows folder. After targeting, it creates a thread to look for additional exe files on the system, including any open network shares to the infected host. W32/Shodi-F drops Troj/Remadm-C, a remote administration Trojan, and also drops JPG file to the Windows system folder with the USR_Shohdi_Photo_USR.jpg filename.
Impact
- Information Theft
- Credential Theft
Indicators of Compromise
MD5
- 2cc5bb81afbb3aa2432b5d9a7919b90d
- 052aeab44fc86c43fb2a07962874686d
- 42d72f879eab43c806795dd578407210
SHA-256
- c27a3dc97f9e29ba944cb8dabaac2c44cf8295a862410b47414808b23d0f479c
- 1985551660585547334dfc78c4906459d9c86318c46c9c9a83b9234d8ac21147
- 7ab592911bd50b4b6052a3d59fac4c636cc143b778cb371e92b4cfb50e99e57b
SHA-1
- b19235095269cb1bb7acc1ea0da5e475c97e21c0
- 47f4a89307ffa4bc5523df2e2633b507705a6451
- 32c1a8ad2ab5d046949082eea3c8316632d42cda
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.