Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\system.bat
- <Drive name for removable media>:\autorun.inf
Malicious functions:
Executes the following:
- '<SYSTEM32>\shutdown.exe' -s -t 0 -f
- '<SYSTEM32>\attrib.exe' C:\NTDETECT.COM -r -a -s -h
- '<SYSTEM32>\cmd.exe' /c C:\system.bat
Attempts to shut down the Windows operating system.
Modifies file system :
Creates the following files:
- C:\system.bat
- C:\autorun.inf
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\system.bat
- C:\autorun.inf
- C:\system.bat