Technical Information
Malicious functions:
Creates and executes the following:
- <LS_APPDATA>\zq3.exe (downloaded from the Internet)
- <LS_APPDATA>\zq2.exe (downloaded from the Internet)
- <LS_APPDATA>\zq1.exe (downloaded from the Internet)
Modifies file system:
Creates the following files:
- <LS_APPDATA>\zq3.exe
- <LS_APPDATA>\zq2.exe
- <LS_APPDATA>\zq1.exe
Network activity:
Connects to:
- 'www.na###-etc.com':80
TCP:
HTTP GET requests:
- www.na###-etc.com/trash/ma3.gif
- www.na###-etc.com/trash/ma2.gif
- www.na###-etc.com/trash/ma1.gif
UDP:
- DNS ASK www.na###-etc.com
- '<Private IP address>':1037