Technical Information
Malicious functions:
Creates and executes the following:
- 'C:\Spyket\spyket.exe'
Modifies file system :
Creates the following files:
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %APPDATA%\logs.dat
- C:\Spyket\spyket.exe
- %TEMP%\XX--XX--XX.txt
Sets the 'hidden' attribute to the following files:
- %APPDATA%\logs.dat
- C:\Spyket\spyket.exe
Deletes the following files:
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\XX--XX--XX.txt
Network activity:
Connects to:
- 'ha####gyao.3322.org':84
- 'ma####.sytes.net':83
- 'ma####.selfip.com':82
UDP:
- DNS ASK la#####ing.myftp.org
- DNS ASK m7##.3322.org
- DNS ASK ha####gyao.3322.org
- DNS ASK ma####.selfip.com
- DNS ASK ma####.sytes.net