Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\svchost.exe
Modifies file system:
Creates the following files:
- %APPDATA%\WinRAR\version.dat
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'GINA Logon'
- ClassName: 'WinRarWindow' WindowName: ''