Technical Information
Malicious functions:
Creates and executes the following:
- %TEMP%\cachedump.exe -s
- %TEMP%\cachedump.exe
- %TEMP%\pwdump.exe
Modifies file system:
Creates the following files:
- %TEMP%\pstgdump.exe
- %TEMP%\cachedump.exe
- <Current directory>\127.0.0.1.cachedump
- \Device\LanmanRedirector\127.0.0.1\PIPE\winreg
- %TEMP%\fgexec.exe
- %TEMP%\pwdump.exe
- \Device\LanmanRedirector\127.0.0.1\pipe\svcctl
- %TEMP%\lstarget.dll
- %TEMP%\imokav.exe
Deletes the following files:
- %TEMP%\lstarget.dll
- %TEMP%\imokav.exe
- %TEMP%\pwdump.exe
- %TEMP%\pstgdump.exe
- %TEMP%\cachedump.exe
- %TEMP%\fgexec.exe
Network activity:
Connects to:
- 'localhost':445