Technical Information
Malicious functions
Modifies settings of Windows Internet Explorer
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2500' = '00000003'
Modifies file system
Creates the following files
- %TEMP%\nse225f.tmp
- %TEMP%\nsz228f.tmp\system.dll
- %WINDIR%\syswow64\nsj2712.dll
- %TEMP%\nsz228f.tmp\nsbrowseropt.dll
- %WINDIR%\syswow64\cont_globaladsolution-remove.exe
- %TEMP%\nsz228f.tmp\nsisdl.dll
- %TEMP%\gewhk1
Deletes the following files
- %TEMP%\nsz228f.tmp\nsbrowseropt.dll
- %TEMP%\nsz228f.tmp\nsisdl.dll
- %TEMP%\nsz228f.tmp\system.dll
Network activity
Connects to
- 'ad##.###baladsolution.com':80
TCP
HTTP GET requests
- http://ad##.###baladsolution.com/smb/nsi_install.php?in###############################################################
Other
- '34.##9.100.209':443
UDP
- DNS ASK ad##.###baladsolution.com
