Narilam: A ‘New’ Destructive Malware Used In the Middle East

Several days ago, our colleagues from Symantec published an analysis of a new destructive malware reported in the Middle East. Dubbed “Narilam”, the malware appears to be designed to corrupt databases. The database structure naming indicates that targets are probably in Iran.

We have identified several samples related to this threat. All of them are ~1.5MB Windows PE executables, compiled with Borland C++ Builder. If we are to trust the compilation headers, they appear to have been created in 2009-2010, which means it might have been in the wild for a while:

The earliest known sample has a timestamp of “Thu Sep 03 19:21:05 2009”.

Read more: Narilam: A ‘New’ Destructive Malware Used In the Middle East