Technical Information
Malicious functions:
Creates and executes the following:
- '%WINDIR%\twitty02.exe'
Executes the following:
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\xdv34567.bat
Modifies file system :
Creates the following files:
- %WINDIR%\xdv34567.bat
- %WINDIR%\tw23567.dat
- <Current directory>\x2.dat
- %WINDIR%\twitty02.exe
Sets the 'hidden' attribute to the following files:
- %WINDIR%\tw23567.dat
Deletes the following files:
- <Current directory>\x2.dat
Deletes itself.
Network activity:
Connects to:
- '74.##5.232.51':80
TCP:
HTTP GET requests:
- http://www.google.com/ via 74.##5.232.51
UDP:
- DNS ASK www.google.com