Technical Information
Malicious functions:
To complicate detection of its presence in the operating system,
blocks the following features:
- User Account Control (UAC)
Creates and executes the following:
- <LS_APPDATA>\Xenocode\ApplianceCaches\1.exe_v2E07E9C5\Native\STUBEXE\@SYSTEM@\Lsas.exe
Modifies file system :
Creates the following files:
- %WINDIR%\Systemp.txt
- <SYSTEM32>\Lsas.exe
Deletes the following files:
- %TEMP%\~DF566B.tmp
Network activity:
Connects to:
- 'jy####.no-ip.info':2185
UDP:
- DNS ASK jy####.no-ip.info