Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\cmd.exe' /c %TEMP%\s.cmd
Modifies file system :
Creates the following files:
- %TEMP%\s.cmd
- %TEMP%\epamfqt
- %TEMP%\aut8B9B.tmp
Deletes the following files:
- %TEMP%\s.cmd
- %TEMP%\epamfqt
- %TEMP%\aut8B9B.tmp
Deletes itself.