Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\wuauclt.exe
Modifies file system:
Creates the following files:
- %ALLUSERSPROFILE%\Local Settings\Temp\msdubmn.com
Deletes itself.
Network activity:
Connects to:
- 'de####heidel.com':80
- '8.#.8.8':53
- '8.#.4.4':53
TCP:
HTTP POST requests:
- de####heidel.com/image.php
UDP:
- DNS ASK de####heidel.com
- '8.#.4.4':1038