Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\Autorun.inf
- <Drive name for removable media>:\Diskrun.exe
Malicious functions:
Executes the following:
- <SYSTEM32>\svchost.exe
Modifies the file system:
Creates the following files:
- %ALLUSERSPROFILE%\Local Settings\Temp\caeffffd.com
Sets the 'hidden' attribute on the following files:
- <Drive name for removable media>:\Autorun.inf
- <Drive name for removable media>:\Diskrun.exe
Deletes itself.
Network activity:
Connects to:
- 'ja####uasbdiaa.com':80
- '8.#.8.8':53
- '8.#.4.4':53
TCP:
HTTP POST requests:
- ja####uasbdiaa.com/play/stat3.php
UDP:
- DNS ASK ja####uasbdiaa.com
- '8.#.4.4':1035