Technical Information
Malicious functions:
Creates and executes the following:
- %TEMP%\WinsInc.exe 300 "<Full path to virus>"
- <SYSTEM32>\tsuisw.exe 300 "<Full path to virus>"
- %TEMP%\WinsInc.exe
Modifies file system:
Creates the following files:
- <SYSTEM32>\tsuisw.exe
- %TEMP%\WinsInc.exe
Sets the 'hidden' attribute to the following files:
- <SYSTEM32>\tsuisw.exe
Deletes itself.
Network activity:
Connects to:
- 'tm#.#o-ip.info':4562
UDP:
- DNS ASK tm#.#o-ip.info
Miscellaneous:
Searches for the following windows:
- ClassName: 'mIRC' WindowName: ''