Name: Win32.Maya.410 Category: Viruses Description: Details Win32.Maya.4106 To get access to Windows functions the virus scans KERNEL32 export table, gets the GetProcAddress function address and then by using this value gets addresses of necessary functions: KERNEL32.DLL: GetModuleHandleA GetProcAddress CreateFileA WriteFile GetFileSize CreateFileMappingA MapViewOfFile UnmapViewOfFile CloseHandle FindFirstFileA FindNextFileA FindClose SetFilePointer SetEndOfFile GetCurrentDirectoryA SetCurrentDirectoryA GetFileAttributesA SetFileAttributesA GetSystemTime GetWindowsDirectoryA USER32.DLL and ADVAPI32.DLL: RegOpenKeyExA RegSetValueExA MessageBoxA SystemParametersInfoA The "per-process resident" code of the virus scans current (host) process imports table and hooks following Windows file access functions, if the process imports them: MoveFileA CopyFileA CreateFileA DeleteFileA SetFileAttributesA GetFileAttributesA GetFullPathNameA CreateProcessA The virus also contains the text strings: To Aparna S. : Forever in love with youall AYAM IAHS Control PanelDesktop TileWallpaper WallpaperStyle SLAM.BMP