Technical Information
Malicious functions:
Creates and executes the following:
- '' (downloaded from the Internet)
Modifies file system:
Creates the following files:
- %APPDATA%\Protected.exe
- %APPDATA%\55.exe
Network activity:
Connects to:
- 'bt##4.com':80
- 'wp#d':80
TCP:
HTTP GET requests:
- http://bt##4.com/aaa/Protected.exe
- http://bt##4.com/aaa/55.exe
- http://11#.#11.111.1/wpad.dat via wp#d
UDP:
- DNS ASK bt##4.com
- DNS ASK wp#d
Miscellaneous:
Creates and executes the following:
- '%APPDATA%\Protected.exe'
- '%APPDATA%\55.exe'