Technical Information
To ensure autorun and distribution
Creates or modifies the following files
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.lnk
Modifies file system
Creates the following files
- %ALLUSERSPROFILE%\{02191fb6-b17d-9227-0219-91fb6b177eda}\<File name>.exe
- %ALLUSERSPROFILE%\{02191fb6-b17d-9227-0219-91fb6b177eda}\<File name>.dat
- %TEMP%\optprosetup.exe
- %TEMP%\is-i69tu.tmp\optprosetup.tmp
- %TEMP%\is-jrler.tmp\_isetup\_setup64.tmp
- %TEMP%\is-jrler.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-jrler.tmp\optprohelper.dll
- %TEMP%\is-jrler.tmp\itdownload.dll
- %TEMP%\is-jrler.tmp\optpromon.dll
Network activity
TCP
HTTP GET requests
- http://op###izepro.biz/inst?hi########################################################################################################################################################
- http://op###izepro.biz/inst?si#################################################
UDP
- DNS ASK google.com
- DNS ASK op###izepro.biz
Miscellaneous
Creates and executes the following
- '%TEMP%\optprosetup.exe' /MMJS /insid=5189781364410171762
- '%TEMP%\is-i69tu.tmp\optprosetup.tmp' /SL5="$12021A,5195750,115200,%TEMP%\optprosetup.exe" /MMJS /insid=5189781364410171762
