Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\wbem\wmiadap.exe /R /T
Modifies file system:
Creates the following files:
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
Moves the following files:
- from <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini to <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- from <SYSTEM32>\wbem\Performance\WmiApRpl_new.h to <SYSTEM32>\wbem\Performance\WmiApRpl.h