Technical Information
Malicious functions:
Creates and executes the following:
- '<Current directory>\rxxms20140619\脚本\xms.exe'
Modifies file system :
Creates the following files:
- <Current directory>\rxxms20140619\脚本\九泉挂机100+.txt
- <Current directory>\rxxms20140619\脚本\九泉挂机200+.txt
- <Current directory>\rxxms20140619\脚本\九泉挂机300+.txt
- <Current directory>\rxxms20140619\脚本\三邪关.txt
- <Current directory>\rxxms20140619\脚本\九字阵挂机测试.txt
- <Current directory>\rxxms20140619\脚本\九泉挂机.txt
- <Current directory>\rxxms20140619\脚本\九泉挂机400+.txt
- <Current directory>\rxxms20140619\脚本\南林.txt
- <Current directory>\rxxms20140619\脚本\南林—南明洞.txt
- <Current directory>\rxxms20140619\脚本\南林—南明湖.txt
- <Current directory>\rxxms20140619\脚本\九泉挂机50+.txt
- <Current directory>\rxxms20140619\脚本\九泉挂机土灵符返回.txt
- <Current directory>\rxxms20140619\脚本\北海冰宫.txt
- <Current directory>\rxxms20140619\sound\发现.wav
- <Current directory>\rxxms20140619\sound\喇叭.wav
- <Current directory>\rxxms20140619\sound\成功.WAV
- <Current directory>\rxxms20140619\set.ini
- <Current directory>\rxxms20140619\sound\canyon.mid
- <Current directory>\rxxms20140619\sound\中华人民共和国国歌.mid
- <Current directory>\rxxms20140619\sound\提示.wav
- <Current directory>\rxxms20140619\挂机点.txt
- <Current directory>\rxxms20140619\更新日志.txt
- <Current directory>\rxxms20140619\脚本\xms.exe
- <Current directory>\rxxms20140619\sound\消息.wav
- <Current directory>\rxxms20140619\sound\电话.wav
- <Current directory>\rxxms20140619\sound\警报.wav
- <Current directory>\rxxms20140619\脚本\南林土灵符回补弓.txt
- <Current directory>\rxxms20140619\脚本\虎峡谷.txt
- <Current directory>\rxxms20140619\脚本\虎峡谷全职.txt
- <Current directory>\rxxms20140619\脚本\血魔洞卡墙柳善回补.txt
- <Current directory>\rxxms20140619\脚本\神武本地挂机.txt
- <Current directory>\rxxms20140619\脚本\神武门到正洞三土灵符返回.txt
- <Current directory>\rxxms20140619\脚本\神门—南明湖.txt
- <Current directory>\rxxms20140619\脚本\邪洞1.txt
- <Current directory>\rxxms20140619\自动登陆.exe
- <SYSTEM32>\zzxxcck.dll
- %TEMP%\zzxxcck.dll
- <Current directory>\rxxms20140619\脚本\邪洞2.txt
- <Current directory>\rxxms20140619\脚本\邪洞3.txt
- <Current directory>\rxxms20140619\脚本制作说明.txt
- <Current directory>\rxxms20140619\脚本\柳善府.txt
- <Current directory>\rxxms20140619\脚本\柳正弓挂机.txt
- <Current directory>\rxxms20140619\脚本\正洞1.txt
- <Current directory>\rxxms20140619\脚本\南林(全职).txt
- <Current directory>\rxxms20140619\脚本\幻影.txt
- <Current directory>\rxxms20140619\脚本\松月关.txt
- <Current directory>\rxxms20140619\脚本\正洞2.txt
- <Current directory>\rxxms20140619\脚本\百武关.txt
- <Current directory>\rxxms20140619\脚本\神武到南明洞全职业脚本.txt
- <Current directory>\rxxms20140619\脚本\神武到正洞3全职业脚本.txt
- <Current directory>\rxxms20140619\脚本\正洞3.txt
- <Current directory>\rxxms20140619\脚本\泫勃派(全职).txt
- <Current directory>\rxxms20140619\脚本\百武-虎峡谷土灵符返回.txt
- <Current directory>\rxxms20140619\map\201.jpg
- <Current directory>\rxxms20140619\map\2101.jpg
- <Current directory>\rxxms20140619\map\2201.jpg
- <Current directory>\rxxms20140619\map\1901.jpg
- <Current directory>\rxxms20140619\map\20001.jpg
- <Current directory>\rxxms20140619\map\2001.jpg
- <Current directory>\rxxms20140619\map\23001.JPG
- <Current directory>\rxxms20140619\map\25203.jpg
- <Current directory>\rxxms20140619\map\25204.jpg
- <Current directory>\rxxms20140619\map\25205.jpg
- <Current directory>\rxxms20140619\map\23002.JPG
- <Current directory>\rxxms20140619\map\25100.jpg
- <Current directory>\rxxms20140619\map\25202.jpg
- <Current directory>\rxxms20140619\map\1001.jpg
- <Current directory>\rxxms20140619\map\101.jpg
- <Current directory>\rxxms20140619\map\1101.jpg
- <Current directory>\rxxms20140619\config.ini
- <Current directory>\rxxms20140619\gameset.txt
- <Current directory>\rxxms20140619\item.txt
- <Current directory>\rxxms20140619\map\1201.jpg
- <Current directory>\rxxms20140619\map\1601.jpg
- <Current directory>\rxxms20140619\map\1701.jpg
- <Current directory>\rxxms20140619\map\1801.jpg
- <Current directory>\rxxms20140619\map\1301.JPG
- <Current directory>\rxxms20140619\map\1401.jpg
- <Current directory>\rxxms20140619\map\1501.jpg
- <Current directory>\rxxms20140619\map\25206.jpg
- <Current directory>\rxxms20140619\map\503.jpg
- <Current directory>\rxxms20140619\map\5401.jpg
- <Current directory>\rxxms20140619\map\5501.jpg
- <Current directory>\rxxms20140619\map\5001.jpg
- <Current directory>\rxxms20140619\map\501.jpg
- <Current directory>\rxxms20140619\map\502.jpg
- <Current directory>\rxxms20140619\map\6001.jpg
- <Current directory>\rxxms20140619\map\901.jpg
- <Current directory>\rxxms20140619\rxjh.dll
- <Current directory>\rxxms20140619\rxxms.exe
- <Current directory>\rxxms20140619\map\601.jpg
- <Current directory>\rxxms20140619\map\701.jpg
- <Current directory>\rxxms20140619\map\801.jpg
- <Current directory>\rxxms20140619\map\25210.jpg
- <Current directory>\rxxms20140619\map\25301.jpg
- <Current directory>\rxxms20140619\map\25501.jpg
- <Current directory>\rxxms20140619\map\25207.jpg
- <Current directory>\rxxms20140619\map\25208.jpg
- <Current directory>\rxxms20140619\map\25209.jpg
- <Current directory>\rxxms20140619\map\25701.jpg
- <Current directory>\rxxms20140619\map\401.jpg
- <Current directory>\rxxms20140619\map\402.jpg
- <Current directory>\rxxms20140619\map\403.jpg
- <Current directory>\rxxms20140619\map\25800.jpg
- <Current directory>\rxxms20140619\map\26000.jpg
- <Current directory>\rxxms20140619\map\301.jpg
Sets the 'hidden' attribute to the following files:
- <Current directory>\rxxms20140619\脚本\xms.exe
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'