Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\ping.exe 127.0.0.1 -n 2
- <SYSTEM32>\taskmgr.exe
Modifies file system:
Creates the following files:
- %TEMP%\HZ~1.tmp.bat
- %PROGRAM_FILES%\新建 RTF 文件.rtf
Deletes itself.
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'Shell_TrayWnd' WindowName: ''