Technical Information
Malicious functions:
Injects code into
the following user processes:
- cmd.exe
Modifies file system:
Creates the following files:
- <LS_APPDATA>\cmd.exe
- <LS_APPDATA>\dNGOsTE
Miscellaneous:
Creates and executes the following:
- '<LS_APPDATA>\cmd.exe'
Executes the following:
- '<SYSTEM32>\cmd.exe' /C REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V cmd.exe /T REG_SZ /D <LS_APPDATA>\cmd.exe
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /V cmd.exe /T REG_SZ /D <LS_APPDATA>\cmd.exe