Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'yemik' = '%HOMEPATH%\yemik.exe'
Creates the following files on removable media
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\yemik.exe
- <Drive name for removable media>:\yemik.scr
- <Drive name for removable media>:\new folder.lnk
- <Drive name for removable media>:\passwords.lnk
- <Drive name for removable media>:\documents.lnk
- <Drive name for removable media>:\pictures.lnk
- <Drive name for removable media>:\music.lnk
- <Drive name for removable media>:\video.lnk
Malicious functions
To complicate detection of its presence in the operating system,
forces the system hide from view:
- hidden files
Injects code into
the following user processes:
- iexplore.exe
Modifies file system
Creates the following files
- %HOMEPATH%\yemik.exe
Sets the 'hidden' attribute to the following files
- %HOMEPATH%\yemik.exe
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\yemik.exe
- <Drive name for removable media>:\yemik.scr
Network activity
Connects to
- '255.255.255.255':8000
UDP
- DNS ASK ns#.###picturehut.net
Miscellaneous
Creates and executes the following
- '%HOMEPATH%\yemik.exe'
