Fandom

Malware Wiki

Beef

1,346pages on
this wiki
Add New Page
Comments0 Share

Virus.Win32.Beef.2110 or Beef is a virus that runs on Win32 Operating Systems.

Behavior

Beef is a harmless memory resident parasitic Win32 virus. It stays in Windows memory and infects PE EXE files (Win32 executable files) that are being opened. While infecting the virus writes itself to the end of the file.

When the virus is run for the first time, it infects the EXPLORER.EXE file in Windows directory. Because EXPLORER.EXE file is active and locked by Windows for writing, the virus uses a standard trick to avoid that. It copies EXPLORER.EXE to BEEFREE.SYS file and infects it. Then the virus creates the WININIT.INI file with "rename" command in there that will replace original EXPLORER.EXE with its infected copy one next Windows restart.

When Windows is run with infected EXPLORER.EXE, the virus gets access to KERNEL32.DLL image in the system memory and patches two its exported API functions: LoadLibraryA and CreateFileA. Then when a PE EXE file is being opened, the virus infects it.

Videos

No videos available.

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.