Technical Information
Malicious functions:
Creates and executes the following:
- '%TEMP%\update.exe'
- '%TEMP%\update.exe' (downloaded from the Internet)
Terminates or attempts to terminate the following user processes:
- chrome.exe
Modifies file system:
Creates the following files:
- %TEMP%\eklenti\manifest.json
- %TEMP%\eklenti\Preferences
- %TEMP%\update.exe
- %TEMP%\eklenti\script.js
- %TEMP%\eklenti\background.js
- %TEMP%\eklenti\icon.png
- %TEMP%\eklenti\jquery-1.9.1.min.js
Network activity:
Connects to:
- 'l2###eless.com':80
TCP:
HTTP GET requests:
- l2###eless.com/eklenti/manifest.json
- l2###eless.com/eklenti/Preferences
- l2###eless.com/eklenti/update.exe
- l2###eless.com/eklenti/script.js
- l2###eless.com/eklenti/background.js
- l2###eless.com/eklenti/icon.png
- l2###eless.com/eklenti/jquery-1.9.1.min.js
UDP:
- DNS ASK l2###eless.com