Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MS-1022-KB246389' = '%WINDIR%\services\rc0\service.exe'
Malicious functions:
Creates and executes the following:
- %WINDIR%\services\rc0\service.exe "<Full path to virus>"
Modifies file system :
Creates the following files:
- %WINDIR%\services\rc0\service.exe
Deletes itself.
Network activity:
UDP:
- DNS ASK www.si##265.net
- 'www.si##265.net':80