Technical Information
Malicious functions:
Creates and executes the following:
- <Current directory>\directx.exe
- <Current directory>\directx.exe (downloaded from the Internet)
Modifies file system :
Creates the following files:
- <Current directory>\directx.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\directx[1].exe
Network activity:
Connects to:
- 'www.di###tel.com':80
TCP:
HTTP GET requests:
- www.di###tel.com/download/directx.exe
UDP:
- DNS ASK www.di###tel.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''