Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\cmd.exe' /c %TEMP%\s.cmd
Modifies file system :
Creates the following files:
- %TEMP%\s.cmd
- %TEMP%\hqjbrdy
- %TEMP%\aut1.tmp
Deletes the following files:
- %TEMP%\s.cmd
- %TEMP%\hqjbrdy
- %TEMP%\aut1.tmp
Deletes itself.