Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- %HOMEPATH%\Start Menu\Programs\Startup\E010A7.lnk
Malicious functions:
Executes the following:
- '<SYSTEM32>\0e80f9\W31E896.EXE'
- '%WINDIR%\explorer.exe' <Current directory>\
Modifies file system:
Creates the following files:
- <SYSTEM32>\0e80f9\HtmlView.fne
- <SYSTEM32>\0e80f9\eAPI.fne
- <SYSTEM32>\0e80f9\W31E896.TXT
- <SYSTEM32>\0e80f9\internet.fne
- <SYSTEM32>\0e80f9\W31E896.EXE
- %TEMP%\E_N4\dp1.fne
- %TEMP%\E_N4\krnln.fnr
- <SYSTEM32>\0e80f9\krnln.fnr
- <SYSTEM32>\0e80f9\dp1.fne
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: ''