Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Office.exe
Infects the following executable system files:
- <SYSTEM32>\dllcache\mspaint.exe.new
Substitutes the following executable system files:
- <SYSTEM32>\mspaint.exe with <SYSTEM32>\mspaint.exe.new
- <SYSTEM32>\mspaint.exe with <SYSTEM32>\mspaint.exe
Creates the following files on removable media:
- <Drive name for removable media>:\Denah.exe
Modifies file system :
Creates the following files:
- <SYSTEM32>\mspaint.exe.new
- <SYSTEM32>\dllcache\mspaint.exe.new
- %WINDIR%\mspaint.exe
- C:\Wallpaper.exe
Moves the following system files:
- from <SYSTEM32>\mspaint.exe to <SYSTEM32>\mspaintAris.exe