Technical Information
Malicious functions:
Creates and executes the following:
- '%APPDATA%\plugin_dts.exe'
- '%APPDATA%\plugin_dts.exe' (downloaded from the Internet)
Executes the following:
- '<SYSTEM32>\sc.exe' config wscsvc start= disabled
Modifies file system :
Creates the following files:
- %APPDATA%\plugin_dts.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\plugin_dts[1].exe
Network activity:
Connects to:
- 'www.mi####mafm.com.br':80
TCP:
HTTP GET requests:
- www.mi####mafm.com.br/lytebox/uploads/plugin_dts.exe
UDP:
- DNS ASK www.mi####mafm.com.br