Technical Information
Malicious functions:
To complicate detection of its presence in the operating system,
forces the system to hide from view:
- hidden files
- file extensions
Modifies file system:
Moves itself:
- from <Full path to virus> to <LS_APPDATA>\logo0702.db
Network activity:
Connects to:
- 'ma##.#humetheme.org':80
TCP:
HTTP GET requests:
- ma##.#humetheme.org/trandocs/mm/crnjeufu:00-00-00-00-00-01/Cmwhite
- ma##.#humetheme.org/trandocs/netstate
HTTP POST requests:
- ma##.#humetheme.org/cgm-bin/dieosn83.cgi
UDP:
- DNS ASK ma##.#humetheme.org