Technical Information
Malicious functions:
Creates and executes the following:
- '<Current directory>\iexplore.exe'
- '<Current directory>\iexplore.exe' (downloaded from the Internet)
Terminates or attempts to terminate the following user processes:
- iexplore.exe
Modifies file system:
Creates the following files:
- <Current directory>\libcurl.dll
- <Current directory>\iexplore.exe
Deletes the following files:
- <Current directory>\libcurl.dll
- <Current directory>\iexplore.exe
Network activity:
Connects to:
- 'pe##enia.pl':80
TCP:
HTTP GET requests:
- pe##enia.pl/lol/libcurl.dll
- pe##enia.pl/lol/iexplore.exe
UDP:
- DNS ASK pe##enia.pl