Technical Information
Malicious functions:
Executes the following:
- '%WINDIR%\XXInstall\ps.exe' /pid=2852
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' "<Full path to file>"
Modifies file system:
Creates the following files:
- %APPDATA%\logs.txt
Network activity:
Connects to:
- '17#.#97.189.158':21
- '17#.#97.189.158':2244