Technical Information
Malicious functions:
Creates and executes the following:
- %WINDIR%\stalin.exe
- %WINDIR%\stalin.exe (downloaded from the Internet)
Modifies file system :
Creates the following files:
- %WINDIR%\stalin.exe
Network activity:
Connects to:
- 'em###bank.org':80
TCP:
HTTP GET requests:
- em###bank.org/tech.gif
UDP:
- DNS ASK em###bank.org