Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\keyreg.vbs
Modifies file system:
Creates the following files:
- %TEMP%\winrar-x86-54b2.exe
- %TEMP%\keyreg.vbs
- %TEMP%\50C3XP1.jpg
Sets the 'hidden' attribute on the following files:
- <Drive name for removable media>:\keyreg.vbs
Deletes the following files:
- %TEMP%\50C3XP1.jpg
Network activity:
Connects to:
- 'localhost':1036
- 'al###.no-ip.biz':81
UDP:
- DNS ASK al###.no-ip.biz
Miscellaneous:
Searches for the following windows:
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
Creates and executes the following:
- '%TEMP%\winrar-x86-54b2.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\keyreg.vbs"
Executes the following:
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\50C3XP1.jpg