Technical Information
Malicious functions:
Executes the following:
- '%WINDIR%\explorer.exe'
Terminates or attempts to terminate
the following system processes:
- %WINDIR%\Explorer.EXE
Modifies file system :
Creates the following files:
- %WINDIR%\fxsst.dll
- %WINDIR%\Help\MSWINCN98.CHI
- %WINDIR%\Help\VBDEFL98.CHI
- <SYSTEM32>\fxsst.dll
Sets the 'hidden' attribute to the following files:
- %WINDIR%\Help\MSWINCN98.CHI
- %WINDIR%\Help\VBDEFL98.CHI
Deletes itself.
Network activity:
Connects to:
- 'www.as#####ilandbank.com':8800
UDP:
- DNS ASK www.as#####ilandbank.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- ClassName: 'SystemTray_Main' WindowName: ''
- ClassName: 'CSCHiddenWindow' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'BaseBar' WindowName: 'ChanApp'