Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\convert.exe'
Injects code into the following system processes:
- <SYSTEM32>\convert.exe
Modifies file system:
Deletes itself.
Network activity:
Connects to:
- 'vo####.mydad.info':80
TCP:
HTTP GET requests:
- vo####.mydad.info/664/nok86.dat
UDP:
- DNS ASK vo####.mydad.info