Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = ' 3ivxlmhs.dll'
Modifies file system :
Creates the following files:
- <SYSTEM32>\wpcaulib.dll
- <SYSTEM32>\p2pndiac.dat
- <SYSTEM32>\3ivxlmhs.dll
- <SYSTEM32>\rendmqrt.exe
Network activity:
Connects to:
- '67.##5.160.76':25
UDP:
- DNS ASK ma##.yahoo.com
- DNS ASK ya##o.com