Technical Information
To ensure autorun and distribution:
Creates the following services:
- [<HKLM>\SYSTEM\ControlSet001\Services\AppMgmt] 'Start' = '00000002'
Substitutes the following executable system files:
- <SYSTEM32>\appmgmts.dll with %TEMP%\1232.exe
Modifies file system:
Creates the following files:
- %TEMP%\1232.exe
Moves the following system files:
- from <SYSTEM32>\appmgmts.dll to <SYSTEM32>\appmgmts.dll.bak
Network activity:
Connects to:
- '69.##7.132.130':8992