Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\svchost.exe'
Injects code into
the following system processes:
- <SYSTEM32>\svchost.exe
Hides the following processes:
- <Full path to virus>
Network activity:
Connects to:
- 'www.ms#.com':80
TCP:
HTTP GET requests:
- www.ms#.com/
UDP:
- DNS ASK www.ms#.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'