Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] 'dlnbjjbdfb' = '%WINDIR%\system\llwzjy081217.exe'
Malicious functions:
To complicate detection of its presence in the operating system, forces the system to hide from view:
- hidden files
Executes the following:
- <SYSTEM32>\ntsd.exe -c q -p 1416
Injects code into the following user processes:
- 360tray.exe
Modifies file system:
Creates the following files:
- %WINDIR%\system\mvjbj32dla.dll
- %ALLUSERSPROFILE%\jjjydf16.ini
- %WINDIR%\system\llwzjy081217.exe
Deletes itself.
Miscellaneous:
Searches for the following windows:
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'CabinetWClass' WindowName: ''