Technical Information
Malicious functions:
Searches for windows to detect analytical utilities:
- ClassName: 'Filemonclass' WindowName: '(null)'
- ClassName: 'Regmonclass' WindowName: '(null)'
Modifies file system:
Moves itself:
- from <Full path to virus> to fuck360
Network activity:
Connects to:
- 'localhost':8000
Miscellaneous:
Searches for the following windows:
- ClassName: '18467-41' WindowName: '(null)'
- ClassName: '4823-00000029' WindowName: '(null)'