What is Downadup?



Win32.Worm.Downadup is a worm that relies on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67) to spread to other computers on the local network. Its authors took various approaches to make this malware especially fast-spreading and hard to remove.

This malware always comes wrapped in an obfuscated layer that aims to deter analysis. The layer comes in two flavors, either packed with UPX or not packed, but it is always obfuscated and uses various rarely used APIs to break emulators. The real malware is contained inside in encrypted form. It is packed with a standard UPX version, but to deter unpacking it is never written to disk and it lacks a PE header, which makes it appear to be an invalid executable. This has the side effect of making it undetectable when injected into another process: it just looks like a standard allocated memory page.
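The following is an added example, not code from this page or from Bitdefender: it shows why a scan that looks for PE headers in process memory misses a headerless payload like the one described above, and how a page-protection and region-type heuristic still surfaces it. The `Region` record and the sample regions are assumptions constructed for illustration; the constants are the standard Windows values from winnt.h.

```python
import struct
from dataclasses import dataclass

# Windows constants from winnt.h
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80   # all PAGE_EXECUTE* protections
PAGE_READWRITE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE = 0x04, 0x20, 0x40
MEM_PRIVATE, MEM_IMAGE = 0x20000, 0x1000000

@dataclass
class Region:            # hypothetical record: one region taken from a memory dump
    base: int
    protect: int
    mem_type: int
    data: bytes

def has_pe_header(data: bytes) -> bool:
    """True if the buffer starts with MZ and e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(r: Region) -> str:
    if has_pe_header(r.data):
        # Loader-mapped modules are MEM_IMAGE; a PE anywhere else was placed by hand.
        return "pe-image" if r.mem_type == MEM_IMAGE else "injected-pe"
    if r.protect & EXEC_MASK and r.mem_type == MEM_PRIVATE:
        return "headerless-exec"   # executable, not file-backed, no PE header
    return "benign"

def header_scan(regions):
    """What a PE-header-based scan reports: unbacked regions that hold a PE."""
    return [r.base for r in regions if classify(r) == "injected-pe"]

def triage(regions):
    """Header scan plus the protection/type heuristic."""
    return [(r.base, classify(r)) for r in regions
            if classify(r) not in ("pe-image", "benign")]

# Constructed sample data: a minimal MZ/PE stub and filler bytes, not real malware.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80) + b"\0" * 0x40 + b"PE\0\0"
SAMPLE = [
    Region(0x00400000, PAGE_EXECUTE_READ, MEM_IMAGE, PE_STUB),          # normal module
    Region(0x002A0000, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, PE_STUB),   # injected, header intact
    Region(0x002B0000, PAGE_EXECUTE_READWRITE, MEM_PRIVATE, b"\x90" * 64),  # header stripped
    Region(0x002C0000, PAGE_READWRITE, MEM_PRIVATE, b"heap data" * 8),  # ordinary heap
]

if __name__ == "__main__":
    print("header scan:", [hex(b) for b in header_scan(SAMPLE)])
    print("triage:", [(hex(b), v) for b, v in triage(SAMPLE)])
```

JIT compilers and some runtimes also allocate private executable memory, so a `headerless-exec` result is a lead for further review rather than a verdict.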
