Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\rundll32.exe'
Injects code into the following system processes:
- <SYSTEM32>\rundll32.exe
Modifies file system:
Creates the following files:
- <SYSTEM32>\cpcbiy.dll
- <SYSTEM32>\dhpjst.dll