Technical Information
Malicious functions:
Creates and executes the following:
- '<Current directory>\se.exe'
- '<Current directory>\se.exe' (downloaded from the Internet)
Modifies file system :
Creates the following files:
- <Current directory>\se.exe
- <Current directory>\Res.dll
- <Current directory>\Lng.s
- <Current directory>\Temp\se.exe
- <Current directory>\Temp\Res.dll
- <Current directory>\Temp\Lng.s
Deletes the following files:
- <Current directory>\Temp\se.exe
- <Current directory>\Temp\Res.dll
- <Current directory>\Temp\Lng.s
Deletes itself.
Network activity:
Connects to:
- 'ap##.##ype.w-src.com':80
TCP:
HTTP GET requests:
- ap##.##ype.w-src.com/update/files/Lng.s
- ap##.##ype.w-src.com/update/updated.php?cl########################################################################
- ap##.##ype.w-src.com/update/files/Res.dll
- ap##.##ype.w-src.com/update/
- ap##.##ype.w-src.com/update/files/SE.exe
UDP:
- DNS ASK ap##.##ype.w-src.com
Miscellaneous:
Searches for the following windows:
- ClassName: '{WS}SE' WindowName: '(null)'