Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\piaoyao.exe
Malicious functions:
Executes the following:
- '<SYSTEM32>\attrib.exe' +r +s +h e:\AUTORUN.INf
- '<SYSTEM32>\attrib.exe' +r +s +h <Drive name for removable media>:\AUTORUN.INf
- '<SYSTEM32>\cmd.exe' /c <Current directory>\piaoyao.bat
Modifies file system :
Creates the following files:
- C:\piaoyao.exe
- <Current directory>\piaoyao.bat
- <Current directory>\piaoyao.inf
Network activity:
Connects to:
- 'localhost':1037
UDP:
- DNS ASK 15###.rrww.net