Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%WINDIR%\svchoat.exe'
Creates the following services:
- [<HKLM>\SYSTEM\ControlSet001\Services\Wsnmlk xpbuuzem] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Wsnmlk xpbuuzem] 'ImagePath' = '%WINDIR%\Oxnbakx.exe'
Modifies file system:
Creates the following files:
- %TEMP%\AFX1.tmp
- %TEMP%\AFX2.tmp
- %TEMP%\AFX3.tmp
- %TEMP%\AFX4.tmp
- %WINDIR%\Oxnbakx.exe
- %TEMP%\AFX5.tmp
- %TEMP%\AFX6.tmp
- %TEMP%\AFX7.tmp
- %TEMP%\AFX8.tmp
- %WINDIR%\Temp\AFX9.tmp
- %WINDIR%\Temp\AFXA.tmp
- %WINDIR%\Temp\AFXB.tmp
- %WINDIR%\Temp\AFXC.tmp
Network activity:
Connects to:
- 'localhost':2014
Miscellaneous:
Creates and executes the following:
- '%WINDIR%\Oxnbakx.exe'
