Technical Information
Malicious functions:
Executes the following:
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Modifies file system:
Creates the following files:
- %TEMP%\windump.exe
- %APPDATA%\jusched.exe
Sets the 'hidden' attribute to the following files:
- %APPDATA%\jusched.exe
Network activity:
Connects to:
- '45.#1.98.95':4444
- '26.##4.141.46':4444
- '<Private IP address>':80
- '73.##7.197.194':4444
- '<Private IP address>':445
- '<Private IP address>':139
- '18#.#72.127.243':4444