Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\recycle.{S-1-5-21-823518204-2000478354-1177238915-500}\usb_driver.com
- <Drive name for removable media>:\AUTORUN.INF
Malicious functions:
Searches for windows to
detect analytical utilities:
- ClassName: 'OLLYDBG' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
detect programs and games:
- ClassName: 'MSNHiddenWindowClass' WindowName: ''
Modifies file system:
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\AUTORUN.INF
Network activity:
Connects to:
- 'he###n.3322.org':8080
UDP:
- DNS ASK he###n.3322.org
Miscellaneous:
Searches for the following windows:
- ClassName: 'TskMultiChatForm.UnicodeClass' WindowName: ''
- ClassName: 'Message Session' WindowName: ''
- ClassName: '__oxFrame.class__' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- ClassName: 'YahooBuddyMain' WindowName: ''