Technical Information
Malicious functions:
Executes the following:
- %WINDIR%\explorer.exe
Injects code into
the following system processes:
- %WINDIR%\explorer.exe
the following user processes:
- iexplore.exe
Searches for windows to
detect analytical utilities:
- ClassName: 'pediy06' WindowName: ''
- ClassName: 'GBDYLLO' WindowName: ''
- ClassName: 'OLLYDBG' WindowName: ''
Modifies file system :
Creates the following files:
- <SYSTEM32>\config32\servhost.exe
- %APPDATA%\addon.dat