Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\winlogs.lnk
Malicious functions:
To complicate detection of its presence in the operating system,
forces the system to hide from view:
- hidden files
Creates and executes the following:
- '%CommonProgramFiles%\System\explorer.exe'
Modifies file system:
Creates the following files:
- C:\dxstdb.bmp
- C:\bbdwga.gif
- C:\RECYCLER\winlogon.exe
- C:\evhtin.jpg
- %CommonProgramFiles%\System\explorer.exe
- %CommonProgramFiles%\lnvudc.dll
- C:\eentvb.txt
Sets the 'hidden' attribute to the following files:
- %CommonProgramFiles%\System\explorer.exe
- %CommonProgramFiles%\lnvudc.dll
Moves the following files:
- from C:\dxstdb.bmp to %ALLUSERSPROFILE%\Desktop\МФ±¦№єОпA.url
- from C:\bbdwga.gif to %ALLUSERSPROFILE%\Desktop\Гв·СµзУ°C.url
- from C:\eentvb.txt to %ALLUSERSPROFILE%\Desktop\Intennet Exploner.lnk
- from C:\evhtin.jpg to %ALLUSERSPROFILE%\Desktop\ёД±дДгµДТ»Йъ.url
Miscellaneous:
Searches for the following windows:
- ClassName: 'Maxthon2_Frame' WindowName: ''
- ClassName: '360se_Frame' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: '_____TTFrameWnd__101__' WindowName: ''