
MS08-067 Gimmiv Worm

Here is the Gimmiv worm that was created for the latest Microsoft patch. Kudos to Microsoft for patching the flaw out of band and not sitting on it.

d65df633dc2700d521ae4dff8c393bff

Please comment if you upload other samples and I will update this post.

Thanks to Dobby for these additional samples:


n1-n9


basesvc.dll and syicon.dll

Does anyone have the required basesvc.dll and syicon.dll for this worm?

01C9353CF8E3321E_basesvc_dll.

01C9353CF8E3321E_basesvc_dll.PE 311296 f16407336da79e783c3a6d2c8633de0c
http://www.offensivecomputing.net/?q=ocsearch&ocq=f16407336da79e783c3a6d2c8633de0c

01C9353CF8E59478_syicon_dll.PE 200704 60d692fd52098f145e448bd985fcff6d
http://www.offensivecomputing.net/?q=ocsearch&ocq=60d692fd52098f145e448bd985fcff6d

thank you

Thank you!

Our Micropoint protects us against Microsoft SecurityHole-MS08067

Micropoint Forum » Virus
http://bbs.micropoint.cn/forumdisplay.asp?fid=15

Found Trojan.genus , delete it or not?
program(s):
F:\EXPLOITMS08-067 WIN32GIMMIV A\N1.EXE
Trojan program(s) generates files as below:
1) C:\WINDOWS\SYSTEM32\WBEM\SYSMGR.DLL
Delete Trojan program(s) and its remains or not?

Time KEY Name Original value New value Creator

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSMGR\PARAMETERS\ SERVICEDLL C:\WINDOWS\SYSTEM32\WBEM\SYSMGR.DLL F:\EXPLOITMS08-067 WIN32GIMMIV A\N1.EXE

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSMGR\ IMAGEPATH %SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K SYSMGR F:\EXPLOITMS08-067 WIN32GIMMIV A\N1.EXE

sysmgr.dll

9 kinds of file sysmgr.dll
(nY.exe creates file sysmgr [Y].dll)


initproc0...x.cab

Does anyone have initproc0...x.cab?

Blocked by Norton

---------------------
Norton AntiVirus 2009