Technical Information
Malicious functions:
Executes the following:
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -Embedding
- '%WINDIR%\regedit.exe' /s c:\1.reg
- '%WINDIR%\che08.exe'
- '<SYSTEM32>\cmd.exe' /c c:\355674543.bat
Modifies file system:
Creates the following files:
- %WINDIR%\bemark2.dat
- C:\1.reg
- %WINDIR%\che08.exe
- C:\355674543.bat
Sets the 'hidden' attribute to the following files:
- %WINDIR%\bemark2.dat
- %WINDIR%\che08.exe
Deletes the following files:
- %WINDIR%\che08.exe
- C:\1.reg
Deletes itself.
Network activity:
Connects to:
- '58###25537.com':80
TCP:
HTTP POST requests:
- http://58###25537.com/be/first.php
UDP:
- DNS ASK 58###25537.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''