Technical Information
To ensure autorun and distribution:
Creates the following services:
- [<HKLM>\SYSTEM\ControlSet001\Services\EGATHDRV] 'Start' = '00000002'
Modifies file system :
Creates the following files:
- <Current directory>\EGLIC.TMP
- <Current directory>\4FB41155.tmp
- <Current directory>\egathb18.tmp
- <Current directory>\egidb18.txt
- %WINDIR%\EGATHDRV.TMP
- <SYSTEM32>\temp.000
- <Current directory>\<Auxiliary name>, Inc.-<Auxiliary name> Xirtual Platform-<Auxiliary name>-56 4d 1d c2 1c bc 17 d3-77 1e 00 da a1 23 09 f0.EG2
Deletes the following files:
- <Current directory>\EGLIC.TMP
- <Current directory>\4FB41155.tmp
- <Current directory>\egidb18.txt