Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\CHANDU_PANKAJ.exe
- <Drive name for removable media>:\explr.bat
Malicious functions:
Executes the following:
- <SYSTEM32>\attrib.exe +h +s Autorun.inf
- <SYSTEM32>\attrib.exe +h +s explr.bat
- <SYSTEM32>\attrib.exe +h +s chpk.exe
- <SYSTEM32>\attrib.exe -h -s chpk.exe
- <SYSTEM32>\attrib.exe -h -s Autorun.inf
Modifies file system :
Creates the following files:
- C:\CHANDU_PANKAJ.exe
- C:\autorun.inf
- C:\explr.bat
- %TEMP%\~1.bat
- <LS_APPDATA>\CHANDU_PANKAJ.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\explr.bat
- C:\explr.bat
- %TEMP%\~1.bat
- C:\autorun.inf