PE_PAGIPEF.AW-O

This Portable Executable (PE) file infector may be downloaded from remote sites by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It drops files and executes them. It terminates the initially executed copy and executes the dropped copy. It stays resident in the affected system's memory and injects code.

It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating a registry key.

It modifies registry entries as part of its installation routine.

It drops copies of itself in all physical drives and in all removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.

It accesses Web sites to download a file. As a result, malicious routines of the downloaded file may be exhibited on the affected system.

It terminates processes that contain certain strings, if found running in memory.

It creates mutexes to ensure that only one instance of itself is running in memory.

Related Items