Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\wangard.exe' 300 "<Full path to file>"
Modifies file system:
Creates the following files:
- <SYSTEM32>\wangard.exe
Sets the 'hidden' attribute on the following files:
- <SYSTEM32>\wangard.exe
Deletes itself.
Network activity:
Connects to:
- 'le####s.afraid.org':6667
UDP:
- DNS ASK le####s.afraid.org