Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- %HOMEPATH%\Start Menu\Programs\Startup\Microsoft Update.lnk
Modifies file system:
Creates the following files:
- %TEMP%\aut1.tmp
- %TEMP%\ooaegwi
- %TEMP%\aut2.tmp
- %TEMP%\PXQIKA.exe
- %TEMP%\Skyp\Usermode Font Drive Host.exe
- %TEMP%\2zmru5uf.0.cs
- %TEMP%\2zmru5uf.cmdline
- %TEMP%\2zmru5uf.out
- %TEMP%\CSC3.tmp
- %TEMP%\RES4.tmp
- %TEMP%\2zmru5uf.dll
Deletes the following files:
- %TEMP%\aut1.tmp
- %TEMP%\ooaegwi
- %TEMP%\aut2.tmp
- <SYSTEM32>\d3d9caps.dat
- %TEMP%\RES4.tmp
- %TEMP%\CSC3.tmp
- %TEMP%\2zmru5uf.out
- %TEMP%\2zmru5uf.cmdline
- %TEMP%\2zmru5uf.dll
- %TEMP%\2zmru5uf.0.cs
Substitutes the following files:
- <SYSTEM32>\d3d9caps.dat
Network activity:
Connects to:
- 'xc####tx.ddns.net':1337
UDP:
- DNS ASK xc####tx.ddns.net
Miscellaneous:
Creates and executes the following:
- '%TEMP%\PXQIKA.exe'
Executes the following:
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @"%TEMP%\2zmru5uf.cmdline"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4.tmp" "%TEMP%\CSC3.tmp"