Technical Information
Malicious functions:
Creates and executes the following:
- <Current directory>\windra.exe
- <Current directory>\windra.exe (downloaded from the Internet)
Modifies file system :
Creates the following files:
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\down[1].php
- <Current directory>\eП0¬
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\windra[1].exe
- <Current directory>\windra.exe
Network activity:
Connects to:
- 'mo####r4credit.us':80
- 'jo###mmunity.us':80
- 'localhost':1035
TCP:
HTTP GET requests:
- mo####r4credit.us/traffic/down.php
- jo###mmunity.us/windra.exe
UDP:
- DNS ASK mo####r4credit.us
- DNS ASK jo###mmunity.us