Technical Information
To ensure autorun and distribution:
Creates the following services:
- [<HKLM>\SYSTEM\ControlSet001\Services\scSound] 'Start' = '00000002'
Modifies file system:
Creates the following files:
- <DRIVERS>\tcpirp.sys
- <SYSTEM32>\svc2sua.exe
- <DRIVERS>\k1.sys
Network activity:
Connects to:
UDP:
- DNS ASK km####sv3c.4dq.com
- DNS ASK km####sv3c.6600.org
Miscellaneous:
Searches for the following windows:
- ClassName: 'Indicator' WindowName: '(null)'