Technical Information
To ensure autorun and distribution
Creates the following files on removable media
- <Drive name for removable media>:\setup.exe
- <Drive name for removable media>:\autorun.inf
Malicious functions
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system
Creates the following files
- D:\install.exe
- D:\autorun.inf
Network activity
Connects to
- '35.##6.248.16':8181
UDP
- DNS ASK en#######0oq.x.pipedream.net
- DNS ASK Be########.#AdYnyCJxAqRJqpjiCXi.readme.io
- DNS ASK XU#.######tOsisTSSMVpeaQ.readme.io
- DNS ASK ih######GreEB.bitbucket.com
- DNS ASK iC######eE.bitbucket.com
- DNS ASK co####ad.github.com
- DNS ASK dr##box.com
- DNS ASK lg######kakdW.bitbucket.com
- DNS ASK id####rcial.com.br
- DNS ASK Qa###########.WsbyzWXohbMldlOIxoVV.readme.io
- DNS ASK WZ.#######LlLmaAmcwcLjR.readme.io
- DNS ASK ap###rror.com
- DNS ASK me##.co.nz
- DNS ASK Yw#######CmYBt.bitbucket.com
- DNS ASK Ng######LXYU.bitbucket.com
- DNS ASK BS#####By.bitbucket.com
- DNS ASK me#a.nz
- DNS ASK bc#.######GEyGfmSNrKORxJ.readme.io
- DNS ASK ka###wer.com
- DNS ASK ra#.####ubusercontent.com
- DNS ASK jm##c.com
- DNS ASK xw##n.net
- DNS ASK u.########OYqaypwXWhjy.readme.io
- DNS ASK Vv##.#itbucket.com
