Technical Information
Malicious functions
Searches for registry branches where third-party applications store passwords
- [<HKCU>\Software\Paltalk]
Modifies file system
Creates the following files
- %TEMP%\<File name>.exe
Deletes itself.
Network activity
TCP
HTTP GET requests
- http://dl###.comli.com/index.php?ac#############################################
- http://dl###.comli.com/index.php?ac#######################################################################
UDP
- DNS ASK dl###.comli.com
- DNS ASK 00###bhost.com
Miscellaneous
Searches for the following windows
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
Creates and executes the following
- '%TEMP%\<File name>.exe'
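A host-level correlation check for the behaviour profile above, added here as an example; it is not part of this report or of any vendor tool. It maps constructed Sysmon-style and API-trace records (not real telemetry) onto the listed behaviours: the Paltalk registry branch, dropping and running an .exe from %TEMP%, the MS_AutodialMonitor / MS_WebCheckMonitor window lookups, the DNS and HTTP GET traffic to the masked dl###.comli.com host, and self-deletion. The masked indicators are kept verbatim; the patterns that match around the '###' mask (dl*.comli.com, /index.php?ac...) are an assumption about what the mask hides, and the sample file names are constructed.

```python
import re

# Patterns derived from the report. The '###' mask is matched loosely (assumption).
C2_HOST = re.compile(r"^dl[^.]*\.comli\.com$", re.IGNORECASE)
C2_URL = re.compile(r"^http://dl[^./]*\.comli\.com/index\.php\?ac", re.IGNORECASE)
# %TEMP%\<File name>.exe, either as the literal variable or the expanded per-user path
TEMP_EXE = re.compile(
    r"^(?:%TEMP%|[a-z]:\\users\\[^\\]+\\appdata\\local\\temp)\\[^\\]+\.exe$",
    re.IGNORECASE,
)
PASSWORD_KEYS = {r"hkcu\software\paltalk"}
WINDOW_CLASSES = {"MS_AutodialMonitor", "MS_WebCheckMonitor"}

# Constructed sample records (not real telemetry): pid, image of the acting
# process, record type, and the value the record carries.
SAMPLE_EVENTS = [
    {"pid": 4012, "image": r"C:\Users\u\Downloads\invoice.exe", "type": "RegQuery",
     "value": r"HKCU\Software\Paltalk"},
    {"pid": 4012, "image": r"C:\Users\u\Downloads\invoice.exe", "type": "FileCreate",
     "value": r"C:\Users\u\AppData\Local\Temp\invoice.exe"},
    {"pid": 4012, "image": r"C:\Users\u\Downloads\invoice.exe", "type": "ProcessCreate",
     "value": r"C:\Users\u\AppData\Local\Temp\invoice.exe"},
    {"pid": 4012, "image": r"C:\Users\u\Downloads\invoice.exe", "type": "FindWindow",
     "value": "MS_AutodialMonitor"},
    {"pid": 4012, "image": r"C:\Users\u\Downloads\invoice.exe", "type": "DnsQuery",
     "value": "dl###.comli.com"},
    {"pid": 4012, "image": r"C:\Users\u\Downloads\invoice.exe", "type": "HttpGet",
     "value": "http://dl###.comli.com/index.php?ac###"},
    {"pid": 4012, "image": r"C:\Users\u\Downloads\invoice.exe", "type": "FileDelete",
     "value": r"C:\Users\u\Downloads\invoice.exe"},
    # benign noise: an installer writing a log and a normal WinINet client
    {"pid": 777, "image": r"C:\Program Files\App\setup.exe", "type": "FileCreate",
     "value": r"C:\Users\u\AppData\Local\Temp\setup.log"},
    {"pid": 777, "image": r"C:\Program Files\App\setup.exe", "type": "DnsQuery",
     "value": "www.example.com"},
    {"pid": 777, "image": r"C:\Program Files\App\setup.exe", "type": "FindWindow",
     "value": "MS_AutodialMonitor"},
]


def classify(event):
    """Map one record to a behaviour label from the report, or None."""
    t, v = event["type"], event["value"]
    if t == "RegQuery" and v.lower() in PASSWORD_KEYS:
        return "password_branch"
    if t == "FileCreate" and TEMP_EXE.match(v):
        return "drops_temp_exe"
    if t == "ProcessCreate" and TEMP_EXE.match(v):
        return "runs_temp_exe"
    if t == "FindWindow" and v in WINDOW_CLASSES:
        return "window_lookup"
    if t == "DnsQuery" and C2_HOST.match(v):
        return "c2_dns"
    if t == "HttpGet" and C2_URL.match(v):
        return "c2_http"
    # "Deletes itself": the process removes its own image from disk
    if t == "FileDelete" and v.lower() == event["image"].lower():
        return "self_delete"
    return None


def profile(events):
    """Return {pid: set of behaviour labels} over all records."""
    out = {}
    for e in events:
        label = classify(e)
        if label:
            out.setdefault(e["pid"], set()).add(label)
    return out


# Labels that are specific to this sample. The window lookups are weak on their
# own: ordinary WinINet clients look for the same window classes.
STRONG = {"password_branch", "c2_dns", "c2_http", "self_delete"}


def suspicious_pids(events, min_labels=3):
    """Pids showing at least min_labels behaviours, one of them strong."""
    return sorted(pid for pid, labels in profile(events).items()
                  if len(labels) >= min_labels and labels & STRONG)


if __name__ == "__main__":
    for pid, labels in profile(SAMPLE_EVENTS).items():
        print(pid, sorted(labels))
    print("suspicious:", suspicious_pids(SAMPLE_EVENTS))
```

On real telemetry the record shapes differ (Sysmon event IDs 1, 11, 12/13, 22 and 23; a proxy log for the HTTP GET; a sandbox API trace for FindWindow), so the classify step is the only part that needs adapting. Requiring a strong label keeps the %TEMP% drop-and-run pattern, which many legitimate installers share, from firing alone.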