Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'gjo' = '%APPDATA%\gdpacy\jknfry.exe'
Malicious functions:
Creates and executes the following:
- '%APPDATA%\gdpacy\jknfry.exe' -installer "<Full path to file>"
Modifies file system:
Creates the following files:
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\F4EA68BBDED392A0EA5CD331[1].htm
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\yahoo[1]
- %APPDATA%\gdpacy\jknfry.exe
Deletes itself.
Network activity:
Connects to:
- 'te##serl.ru':80
- '67.##5.160.76':80
TCP:
HTTP GET requests:
- http://www.ya##o.com/ via 67.##5.160.76
UDP:
- DNS ASK te##serl.ru
- DNS ASK www.ya##o.com
