Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Chkabfat' = '{C673EB48-6025-412E-84A6-BCD9AC4C9AB5}'
Malicious functions:
Attempts to shut down the Windows operating system.
Modifies file system:
Creates the following files:
- <SYSTEM32>\kbdabkey\getagmat\kbdusmic.dll
- <SYSTEM32>\vipodhex.dll
- %TEMP%\_is135859.ini
- <SYSTEM32>\madalx32.dll
- <SYSTEM32>\vipecmod.dll
- %TEMP%\UUU2.tmp
- %TEMP%\UUU1.tmp
- %TEMP%\UUU3.tmp
- <SYSTEM32>\secaxavi32.dll
Deletes the following files:
- %TEMP%\UUU3.tmp
- %TEMP%\_is135859.ini
- %TEMP%\UUU1.tmp
- %TEMP%\UUU2.tmp
