Haher

This page shows details and results of our analysis on the malware Haher

Download Current DAT: 6617

Threat Detail

Malware Type: -

Malware Sub-type: Trojan

Discovery Date: 2003-07-28

Next Steps:

Overview
Characteristics
Symptoms
Method of Infection
Removal

Overview

Minimum DAT

4283 (2003-08-06)

Updated DAT

4640 (2005-11-30)

Minimum Engine

5.1.00

File Length

57.344 bytes

Description Added

2003-07-28

Description Modified

2003-08-01

Malware Proliferation

Characteristics

Detection of the "Haher" trojan was added to cover for a binary file called "HA.EXE" (Note that the filename might vary). The file is of 32 bit PE filetype and the filesize is 57.344 bytes.

When (manually) run on an user system, it displays a gui messagebox titled "HAHA" multiple times. The number of processes increases so fast that the user can't manually kill them in the windows task manager and is thus more or less forced to reboot the machine.

During testing, no file system changes were encountered.

Symptoms

- Presence "HA.EXE" , 57.344 bytes
- Multiple gui messagebox titled "HAHA"

Method of Infection

-Manually running the HA.EXE binary file.

Removal

Use current engine and DAT files for detection and removal.Removal requires removing the entry in the SYSTEM.INI file and restart to MS-DOS mode to delete the file manually from the Windows and Windows\System folders.