Technical Information
Malicious functions:
Creates and executes the following:
- <Full path to virus> (downloaded from the Internet)
Modifies file system:
Creates the following files:
- %TEMP%\821BGZWZVN96SMER82XSJDRCX1FM
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\2jjmldlchyra4vg2[1]
Network activity:
Connects to:
- 'bs##des.com':80
TCP:
HTTP GET requests:
- bs##des.com/crypt/temp/2jjmldlchyra4vg2
UDP:
- DNS ASK bs##des.com
- '<Private IP address>':1036