Happy Days.exe: Difference between revisions

→‎top: clean up, typos fixed: korean → Korean
No edit summary
(→‎top: clean up, typos fixed: korean → Korean)
Line 2: Line 2:


[[File:Happydays.png|thumb|131x131px|The icon of '''Happy_Days_.exe'''.]]
[[File:Happydays.png|thumb|131x131px|The icon of '''Happy_Days_.exe'''.]]
Happy_Days_.exe is a korean [[screamer]] application. It is very similar to the other Win32/Flaghost malware however the screamer picture that it shows is slightly altered. Once executed, a black popup box is shown randomly that contains the screamer picture and a blue colored text saying "^^ Happy days... please 5 seconds... to close"
Happy_Days_.exe is a Korean [[screamer]] application. It is very similar to the other Win32/Flaghost malware however the screamer picture that it shows is slightly altered. Once executed, a black popup box is shown randomly that contains the screamer picture and a blue colored text saying "^^ Happy days... please 5 seconds... to close"


After 5 seconds the pop up will close however it will randomly show up again and it does that in an infinite loop until the computer gets rebooted. By looking into the file assembly you will see that the application has the text "Scanregw" as the product name which is an attempt to trick the user into thinking that the application is a Registry Scanner. Since the application is coded in Visual Basic 6 Korean the file "vb6ko.dll" must be installed on the users computer or the application can not be executed.
After 5 seconds the pop up will close however it will randomly show up again and it does that in an infinite loop until the computer gets rebooted. By looking into the file assembly you will see that the application has the text "Scanregw" as the product name which is an attempt to trick the user into thinking that the application is a Registry Scanner. Since the application is coded in Visual Basic 6 Korean the file "vb6ko.dll" must be installed on the users computer or the application can not be executed.
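Review bot: the summary says "clean up, typos fixed", but the changed line differs from the old one only in "korean → Korean", and the same sentence still runs on at "malware however the screamer picture", which needs a semicolon or full stop before "however". The unchanged paragraph below it carries the same kind of leftovers: "users computer" should be "user's computer", "can not" should be "cannot", and "pop up" does not match "popup" in the first paragraph. "By looking into the file assembly" also does not say where the "Scanregw" product name is read from, so the revision should name the place a reader would look. The page title reads "Happy Days.exe" while the text and caption use "Happy_Days_.exe"; pick one spelling of the file name and use it throughout.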
Anonymous user
