Technical Information
Malicious functions:
Creates and executes the following:
- '<Current directory>\putty.exe'
- '<Current directory>\putty.exe' (downloaded from the Internet)
Modifies file system :
Creates the following files:
- <Current directory>\putty.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\putty[1].exe
Network activity:
Connects to:
- 'th#.#arth.li':80
- 'localhost':1035
TCP:
HTTP GET requests:
- th#.#arth.li/~sgtatham/putty/latest/x86/putty.exe
UDP:
- DNS ASK th#.#arth.li