A file virus designed to download other modules using a P2P protocol. The payload is a UPX-packed executable file, which initializes the startup data: the UDP port. Win32.Sector can perform a number of actions of a malicious hacker's choice on your PC.

Win32.Sector is a complex polymorphic malicious program that can spread on its own (without user intervention) and infect files. Its main function is to download various executables via P2P networks and run them on infected machines. This malicious program can inject its code into running processes, terminate certain anti-virus programs and block access to the sites of their respective developers. Win32.Sector can infect files on local and removable disks (in the latter case, it can create the file autorun.inf on the removable media) as well as in shared network folders.

At present, there are several Win32.Sector modifications, each with a different P2P network communication protocol and different structural features. By design, Win32.Sector has no control servers; instead, it connects to other bots running on infected machines. It determines whether the computer has an external IP address or is connected to a network that uses NAT. When launched on an infected computer, Win32.Sector uses an initial list of IP addresses to connect to other bots.

It opens the Windows shared memory previously created by the shell code and named purity_control_4428, which contains the current configuration data and an IP address and port pair (node) for connecting to the P2P network. It also opens the Windows shared memory in which the list of nodes is kept while the module is running.
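The two host artifacts named above, the shared memory object purity_control_4428 and autorun.inf on removable media, can be checked during triage. The PowerShell below is an added example, not part of the original description; the helper name `Test-NamedSection` is hypothetical, and because the description gives only the bare object name, checking both the session-local and `Global\` namespaces is an assumption.

```powershell
# Added triage example; not code from the original description.

# Hypothetical helper: reports whether a named shared-memory section exists.
function Test-NamedSection {
    param([Parameter(Mandatory)][string]$Name)
    try {
        $rights = [System.IO.MemoryMappedFiles.MemoryMappedFileRights]::Read
        $map = [System.IO.MemoryMappedFiles.MemoryMappedFile]::OpenExisting($Name, $rights)
        $map.Dispose()   # release our handle immediately; we only test for existence
        'present'
    }
    catch [System.IO.FileNotFoundException]    { 'absent' }
    # The object exists but its ACL denies us read access: still a hit.
    catch [System.UnauthorizedAccessException] { 'present (access denied)' }
}

# Assumption: the namespace is not stated on the page, so try both.
$sectionName = 'purity_control_4428'
$sections = foreach ($prefix in '', 'Global\') {
    [pscustomobject]@{
        Check  = "shared memory $prefix$sectionName"
        Result = Test-NamedSection -Name "$prefix$sectionName"
    }
}

# DriveType 2 = removable disk. An autorun.inf here is a lead to review,
# not proof of infection: legitimate media can carry one too.
$autoruns = foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
    $path = "$($disk.DeviceID)\autorun.inf"
    $result = 'absent'
    if (Test-Path -LiteralPath $path) { $result = 'present, review contents' }
    [pscustomobject]@{
        Check  = "removable media $path"
        Result = $result
    }
}

# Both collections share the same shape, so they render as one table.
$sections
$autoruns
```

A section is visible only from the session it was created in unless it sits in `Global\`, so run the check in the affected user's session.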

Win32.Sector