Technical Information
Malicious functions:
Executes the following:
- %WINDIR%\explorer.exe ::\
Modifies file system :
Creates the following files:
- <SYSTEM32>\win32ini.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\win32ini[1].exe
- <SYSTEM32>\openflash.exe
Sets the 'hidden' attribute to the following files:
- <SYSTEM32>\win32ini.exe
- <SYSTEM32>\openflash.exe
Network activity:
Connects to:
- 'www.lo###robot.ru':80
- 'localhost':1036
TCP:
HTTP GET requests:
- www.lo###robot.ru/resource/win32ini.exe
UDP:
- DNS ASK www.lo###robot.ru