Payload:
Large scale e-mailing: Sends email messages using its own SMTP engine
Causes system instability: Sends data to fethard.biz and fethard-finance.com in an attempt to perform a denial-of-service attack
Distribution
Subject of email: don't be late! [random string of letters]
Name of attachment: readnow.zip
Size of attachment: 10,912
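A mail-triage check built from the three distribution indicators above, as an added example (not code from the original write-up). The function names, the scoring thresholds and the reading of the listed size as bytes are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the write-up: fixed subject text followed by random letters,
# a fixed attachment name, and a fixed attachment size.
SUBJECT_RE = re.compile(r"^don't be late!\s+[a-z]+$", re.IGNORECASE)
ATTACHMENT_NAME = "readnow.zip"
ATTACHMENT_SIZE = 10912  # assumption: the listed size is in bytes


def match_indicators(raw: bytes) -> dict:
    """Report which listed indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {"subject": False, "attachment_name": False, "attachment_size": False}
    hits["subject"] = bool(SUBJECT_RE.match(str(msg.get("Subject", "")).strip()))
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() != ATTACHMENT_NAME:
            continue
        hits["attachment_name"] = True
        # Compare the decoded payload length, not the base64 transfer length.
        if len(part.get_payload(decode=True) or b"") == ATTACHMENT_SIZE:
            hits["attachment_size"] = True
    return hits


def verdict(raw: bytes) -> str:
    """Hypothetical policy: two or more hits quarantine, one hit goes to review."""
    score = sum(match_indicators(raw).values())
    return "quarantine" if score >= 2 else "review" if score == 1 else "pass"


def build_sample(subject: str, filename: str, size: int) -> bytes:
    """Construct a test message with an inert zero-filled attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("don't be late! qwkzpd", "readnow.zip", 10912)
    print(match_indicators(sample), verdict(sample))
```

Matching on the decoded attachment length matters because the size on the wire is inflated by base64 encoding.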
When W32.Mimail.D@mm is executed, it does the following:
Copies itself as %Windir%\cnfrm.exe.
--------------------------------------------------------------------------------
Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
--------------------------------------------------------------------------------
Adds the value:
"Cnfrm" = "%Windir%\cnfrm.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run