Technical Information
Malicious functions:
To complicate detection of its presence in the operating system, blocks the following features:
- Windows Security Center
Searches for windows to detect analytical utilities:
- ClassName: 'OLLYDBG' WindowName: ''
Network activity:
Connects to:
- 'bs#####c.bluehell.org':6667
UDP:
- DNS ASK bs#####c.bluehell.org
Miscellaneous:
Searches for the following windows:
- ClassName: '__oxFrame.class__' WindowName: ''
- ClassName: 'IMWindowClass' WindowName: ''
- ClassName: 'WispWindowClass' WindowName: ''
- ClassName: 'AIM_CSignOnWnd' WindowName: ''