Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\Autorun.inf
- <Drive name for removable media>:\SysFile.exe
- <Drive name for removable media>:\CDEjector.com
Malicious functions:
Executes the following:
- '<SYSTEM32>\shutdown.exe' -t 10 -s
Modifies file system :
Creates the following files:
- C:\CDEjector.com
- C:\SysFile.exe
- C:\Autorun.inf
- %PROGRAM_FILES%\Windows Media Player\SysWin.exe
- %PROGRAM_FILES%\FlashInfo.exe
- %PROGRAM_FILES%\SysWin.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\SysFile.exe
- <Drive name for removable media>:\CDEjector.com
- <Drive name for removable media>:\Autorun.inf
- C:\SysFile.exe
- C:\CDEjector.com
- C:\Autorun.inf