General explanation
Type: Worm
Degree of destruction: high
Prevalence: high
Names of the malware:
- Dropper.Win32.Dapato
- Worm.Win32.Dapato
What is a worm?
Computer worms such as Dapato are malware capable of self-replication. To stay persistent, a worm establishes a way to re-launch itself at every system boot. The distinguishing feature of worms is how they spread, which is generally through removable drives and shared network directories.
What is Dapato malware?
Dapato is a downloader worm: it connects to several remote servers, downloads malicious files and executes them on the victim's system. The malware also runs at every system boot and enumerates the drives on the system. Whenever it finds a removable drive (USB flash drive, external hard disk, etc.) it copies itself to that drive under the name "NewFolder.exe", walks all files and directories on the drive, and drops a further copy of itself into every directory it finds, repeating this process continuously.
Technical explanation
Signs of infection
- The malware copies itself to the root of the removable drive and into each directory on it (as "NewFolder.exe").
- Creating a copy of itself in the following path:
%AppData%\svchost10.exe
- Creating a persistence entry in the registry under the value name "wireless config" in the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Downloaded files are placed in the following paths (on current Windows versions "Application Data" is a junction that resolves to %AppData%):
%User Profile%\Application Data\win-645721.test
%User Profile%\Application Data\cpp-logo285728.test
Note that newer samples may use different registry value names and file names.
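The following script is an added example that checks a Windows host and any attached removable drives for the indicators listed above (the Run value, the %AppData% copy, the downloaded .test files and NewFolder.exe copies on removable media). It is not Padvish's own tooling; the function and variable names are this example's own, and only the indicators come from the page.

```powershell
# Added example: read-only check for the Dapato indicators described on this page.
# Not Padvish's code; function/variable names are this example's own. Newer samples
# may use other names, so a clean result here does not prove the host is clean.

$RunKey        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunValueName  = 'wireless config'
$DroppedCopy   = Join-Path $env:APPDATA 'svchost10.exe'
$DownloadNames = @('win-645721.test', 'cpp-logo285728.test')
$WormFileName  = 'NewFolder.exe'

function Test-DapatoRegistryPersistence {
    # Returns the command line stored under the "wireless config" Run value, or $null.
    $item = Get-ItemProperty -Path $RunKey -Name $RunValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$RunValueName }
    return $null
}

function Get-DapatoDroppedFiles {
    # The %AppData% copy plus the downloaded .test files.
    # "%User Profile%\Application Data" is a junction to %AppData% on current Windows.
    $candidates = @($DroppedCopy) + ($DownloadNames | ForEach-Object { Join-Path $env:APPDATA $_ })
    return @($candidates | Where-Object { Test-Path -LiteralPath $_ })
}

function Get-DapatoRemovableDriveCopies {
    # DriveType 2 = removable. The worm drops NewFolder.exe into every directory,
    # so search the whole drive, including hidden entries.
    $removable = Get-CimInstance Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 -and $_.DeviceID }
    $hits = @()
    foreach ($drive in $removable) {
        $root = $drive.DeviceID + '\'
        $hits += @(Get-ChildItem -LiteralPath $root -Recurse -Force -File -Filter $WormFileName -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty FullName)
    }
    return $hits
}

# --- report ---
$persist = Test-DapatoRegistryPersistence
if ($persist) { Write-Warning "Run value '$RunValueName' present: $persist" }
else          { Write-Host "No '$RunValueName' Run value found." }

$dropped = Get-DapatoDroppedFiles
if ($dropped.Count -gt 0) { $dropped | ForEach-Object { Write-Warning "Dropped file present: $_" } }
else                      { Write-Host "No dropped files under $env:APPDATA." }

$copies = Get-DapatoRemovableDriveCopies
if ($copies.Count -gt 0) { $copies | ForEach-Object { Write-Warning "Worm copy on removable drive: $_" } }
else                     { Write-Host "No $WormFileName found on removable drives." }
```

The script only reports; it does not delete anything. If it finds the Run value, the process it points to (svchost10.exe) is most likely running and will re-create the files and registry value, so terminate that process before any manual cleanup, and clean every removable drive that was attached to the host, otherwise the next boot or the next inserted drive re-infects the system.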
How to deal with it and disinfect the system
Through the UMP capability, which is part of its behavioral protection, Padvish can prevent the system from being infected via a removable drive. Therefore, to prevent infection by Dapato and by other malware that spreads through removable drives, it is recommended to install Padvish so that such malware is blocked before it enters and infects the system.
If your system is infected by Dapato malware, proceed as follows:
- Install Padvish on your system.
- Connect the infected removable drive to your system.
- Scan the removable drive with Padvish to disinfect both the system and the removable drive.