Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'googletalk' = '%APPDATA%\Google Talk\googletalk.exe /autostart'
Malicious functions:
Executes the following:
- <SYSTEM32>\systeminfo.exe
Modifies file system:
Creates the following files:
- %APPDATA%\Google Talk\googletalk.exe
- %APPDATA%\Microsoft\Sze\hqhmp
Deletes itself.
Miscellaneous:
Searches for the following windows: