Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Update.exe
Infects the following executable system files:
- %WINDIR%\twunk_32.exe
- %WINDIR%\TASKMAN.EXE
- %WINDIR%\winhlp32.exe
- %WINDIR%\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
- <Auxiliary element>
- %WINDIR%\NOTEPAD.EXE
- %WINDIR%\hh.exe
- %WINDIR%\regedit.exe
- %WINDIR%\sleep.exe
- %WINDIR%\sfk.exe