Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\rundll32.exe "%PROGRAM_FILES%\sxcxv.bak",MyDLLEntry
Restores hooked functions in System Service Descriptor Table (SSDT).
Modifies file system :
Creates the following files:
- %WINDIR%\Fonts\jbjnh.fon
- %PROGRAM_FILES%\sxcxv.bak
Deletes the following files:
- %WINDIR%\Fonts\jbjnh.fon