Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\tasklist.exe
Modifies file system :
Deletes itself.
Network activity:
Connects to:
- '67###.dtdns.net':443
- 'localhost':1035
UDP:
- DNS ASK 67###.dtdns.net
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''