Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'd-x10bc' = '%APPDATA%\dx10bac\d-xdiag10bc.exe'
Creates the following files on removable media:
- <Drive name for removable media>:\setup.exe
- <Drive name for removable media>:\autorun.inf
Modifies file system:
Creates the following files:
- %TEMP%\dw.log
- %APPDATA%\temp\Set.bin
- %APPDATA%\dx10bac\d-xdiag10bc.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf
Network activity:
Connects to:
- 'ir#.dal.net':6667
UDP:
- DNS ASK --.#-.--.--
- DNS ASK ir#.dal.net