Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\myDisk\drivers.exe
Malicious functions:
Executes the following:
- '<SYSTEM32>\cmd.exe' /C echo. > "%APPDATA%\scvhost.exe":Zone.Identifier
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe'
- '<SYSTEM32>\cmd.exe'
Injects code into the following system processes:
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
Modifies file system:
Creates the following files:
- %APPDATA%\scvhost.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\myDisk\drivers.exe