Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf
Malicious functions:
Executes the following:
- <SYSTEM32>\attrib.exe +s +H C:\C0MM\C0MM
- <SYSTEM32>\attrib.exe -r -a C:\autorun.inf
- <SYSTEM32>\attrib.exe +s +H "<Current directory>\<Virus name>"
- <SYSTEM32>\attrib.exe +s +H C:\C0MM
Modifies file system :
Creates the following files:
- C:\autorun.inf
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: 'af32d3b0'