Technical Information
To ensure autorun and distribution
Creates or modifies the following files
- %APPDATA%\microsoft\windows\start menu\programs\startup\qofyfzt.exe
Modifies file system
Creates the following files
- %WINDIR%\syswow64\fuck.ini
- %ProgramFiles%\kav.exe
- %ProgramFiles%\k-meleon.exe
- %ProgramFiles%\java.exe
- %ProgramFiles%\itunes.exe
- %ProgramFiles%\isuac.exe
- %ProgramFiles%\issvc.exe
- %ProgramFiles%\ispwdsvc.exe
- %ProgramFiles%\ispnews.exe
- %ProgramFiles%\isafe.exe
- %ProgramFiles%\iron.exe
- %ProgramFiles%\iris.exe
- %ProgramFiles%\internet explorer.exe
- %ProgramFiles%\instlsp.exe
- %ProgramFiles%\installlsp.exe
- %ProgramFiles%\installlicense.exe
- %ProgramFiles%\installcavs.exe
- %ProgramFiles%\inphasenxd.exe
- %ProgramFiles%\inouptng.exe
- %ProgramFiles%\inotask.exe
- %ProgramFiles%\inort.exe
- %ProgramFiles%\inorpc.exe
- %ProgramFiles%\inocit.exe
- %ProgramFiles%\incmail.exe
- %ProgramFiles%\impcnt.exe
- %ProgramFiles%\imnotfy.exe
- %ProgramFiles%\kavmm.exe
- %ProgramFiles%\kavpfw.exe
- %ProgramFiles%\mfpmp.exe
- %ProgramFiles%\kavstart.exe
- %ProgramFiles%\memstring.exe
- %ProgramFiles%\mcvsshld.exe
- %ProgramFiles%\mcupdmgr.exe
- %ProgramFiles%\mcshield.exe
- %ProgramFiles%\mcregwiz.exe
- %ProgramFiles%\mcmnhdlr.exe
- %ProgramFiles%\maxthon.exe
- %ProgramFiles%\maplestory.exe
- %ProgramFiles%\malwareremoval.exe
- %ProgramFiles%\magent.exe
- %ProgramFiles%\luupdate.exe
- %ProgramFiles%\luna.exe
- %ProgramFiles%\luinit.exe
- %ProgramFiles%\luconfig.exe
- %ProgramFiles%\lucheck.exe
- %ProgramFiles%\lucallbackproxy.exe
- %ProgramFiles%\lpfw.exe
- %ProgramFiles%\lotroclient.exe
- %ProgramFiles%\logwatnt.exe
- %ProgramFiles%\liveupdate.exe
- %ProgramFiles%\livesrv.exe
- %ProgramFiles%\licmgr.exe
- %ProgramFiles%\launcher.exe
- %ProgramFiles%\konnekt.exe
- %ProgramFiles%\kavsvc.exe
- %ProgramFiles%\imapp.exe
- %ProgramFiles%\kavpf.exe
- %ProgramFiles%\ilaunchr.exe
- %ProgramFiles%\gc.exe
- %ProgramFiles%\fsus.exe
- %ProgramFiles%\fsuninst.exe
- %ProgramFiles%\fstlui.exe
- %ProgramFiles%\fssw.exe
- %ProgramFiles%\fsstm.exe
- %ProgramFiles%\fssm32.exe
- %ProgramFiles%\fssg.exe
- %ProgramFiles%\fssf.exe
- %ProgramFiles%\fsqh.exe
- %ProgramFiles%\fspex.exe
- %ProgramFiles%\fspc.exe
- %ProgramFiles%\fsmb32.exe
- %ProgramFiles%\fsma32.exe
- %ProgramFiles%\fsm32.exe
- %ProgramFiles%\fslaunch.exe
- %ProgramFiles%\fsihs.exe
- %ProgramFiles%\fsihcomp.exe
- %ProgramFiles%\fshotfix.exe
- %ProgramFiles%\fshelp.exe
- %ProgramFiles%\fshdll32.exe
- %ProgramFiles%\fsguiexe.exe
- %ProgramFiles%\fsguidll.exe
- %ProgramFiles%\fsgk32st.exe
- %ProgramFiles%\fsgk32.exe
- %ProgramFiles%\fsgetwab.exe
- %ProgramFiles%\ftpte.exe
- %ProgramFiles%\gcasdtserv.exe
- %ProgramFiles%\ih8.exe
- %ProgramFiles%\gcasserv.exe
- %ProgramFiles%\iexplore.exe
- %ProgramFiles%\ieuser.exe
- %ProgramFiles%\ieregfix.exe
- %ProgramFiles%\icqlite.exe
- %ProgramFiles%\icq.exe
- %ProgramFiles%\iamserv.exe
- %ProgramFiles%\iamapp.exe
- %ProgramFiles%\httplook.exe
- %ProgramFiles%\hsockpe.exe
- %ProgramFiles%\hrres.exe
- %ProgramFiles%\hregmon.exe
- %ProgramFiles%\hipsdiag.exe
- %ProgramFiles%\helper.exe
- %ProgramFiles%\helpctr.exe
- %ProgramFiles%\gw.exe
- %ProgramFiles%\guardnt.exe
- %ProgramFiles%\guardgni.exe
- %ProgramFiles%\googleupdate.exe
- %ProgramFiles%\googletalk.exe
- %ProgramFiles%\googledesktop.exe
- %ProgramFiles%\gnotify.exe
- %ProgramFiles%\giantantispywareupdater.exe
- %ProgramFiles%\giantantispywaremain.exe
- %ProgramFiles%\gg.exe
- %ProgramFiles%\ge.exe
- %ProgramFiles%\ih8run.exe
- %ProgramFiles%\navwnt.exe
- %ProgramFiles%\qhwscsvc.exe
- %ProgramFiles%\microsoft sql server compact edition.exe
- %ProgramFiles%\pmagic.exe
- %ProgramFiles%\pm8flash.exe
- %ProgramFiles%\pm.exe
- %ProgramFiles%\pidgin.exe
- %ProgramFiles%\pertsk.exe
- %ProgramFiles%\pctav.exe
- %ProgramFiles%\pcctlcom.exe
- %ProgramFiles%\pccpfw.exe
- %ProgramFiles%\pccntmon.exe
- %ProgramFiles%\pccguide.exe
- %ProgramFiles%\pavsrv51.exe
- %ProgramFiles%\pavprsrv.exe
- %ProgramFiles%\pavproxy.exe
- %ProgramFiles%\pavprot.exe
- %ProgramFiles%\pavkre.exe
- %ProgramFiles%\pavfnsvr.exe
- %ProgramFiles%\pavfires.exe
- %ProgramFiles%\partinnt.exe
- %ProgramFiles%\partinfo.exe
- %ProgramFiles%\partin9x.exe
- %ProgramFiles%\partin.exe
- %ProgramFiles%\outpost.exe
- %ProgramFiles%\outlook.exe
- %ProgramFiles%\oscheck.exe
- %ProgramFiles%\opera.exe
- %ProgramFiles%\pmagic9x.exe
- %ProgramFiles%\pmagicnt.exe
- %ProgramFiles%\microsoft office.exe
- %ProgramFiles%\polutil.exe
- %ProgramFiles%\python.exe
- %ProgramFiles%\pxsupport.exe
- %ProgramFiles%\pxreset.exe
- %ProgramFiles%\pxl1.exe
- %ProgramFiles%\pxl.exe
- %ProgramFiles%\pxconsole.exe
- %ProgramFiles%\pxagent.exe
- %ProgramFiles%\psimsvc.exe
- %ProgramFiles%\pshost.exe
- %ProgramFiles%\psctrls.exe
- %ProgramFiles%\ps.exe
- %ProgramFiles%\protect.exe
- %ProgramFiles%\processviewer.exe
- %ProgramFiles%\privatebrowser.exe
- %ProgramFiles%\prevxsetup.exe
- %ProgramFiles%\prevsrv.exe
- %ProgramFiles%\preupd.exe
- %ProgramFiles%\preconfig.exe
- %ProgramFiles%\pqpent.exe
- %ProgramFiles%\pqpe9x.exe
- %ProgramFiles%\pqpe.exe
- %ProgramFiles%\pqbw.exe
- %ProgramFiles%\pqboot32.exe
- %ProgramFiles%\ppfw.exe
- %ProgramFiles%\postinstall.exe
- %ProgramFiles%\onaccessinstaller.exe
- %ProgramFiles%\fsfwwscr.exe
- %ProgramFiles%\oladdin.exe
- %ProgramFiles%\navw32.exe
- %ProgramFiles%\navlu32.exe
- %ProgramFiles%\navapsvc.exe
- %ProgramFiles%\myagttry.exe
- %ProgramFiles%\myagtsvc.exe
- %ProgramFiles%\mvc.exe
- %ProgramFiles%\mva.exe
- %ProgramFiles%\msnmsgr.exe
- %ProgramFiles%\msn6.exe
- %ProgramFiles%\msmpsvc.exe
- %ProgramFiles%\msimn.exe
- %ProgramFiles%\msbuild.exe
- %ProgramFiles%\mpssvc.exe
- %ProgramFiles%\mpftray.exe
- %ProgramFiles%\mpeng.exe
- %ProgramFiles%\mp3tray.exe
- %ProgramFiles%\mp3toystray.exe
- %ProgramFiles%\mp3toys.exe
- %ProgramFiles%\mp3theater.exe
- %ProgramFiles%\monsysnt.exe
- %ProgramFiles%\monlite.exe
- %ProgramFiles%\miro.exe
- %ProgramFiles%\miranda32.exe
- %ProgramFiles%\mir3game.exe
- %ProgramFiles%\microsoft synchronization services.exe
- %ProgramFiles%\microsoft sync framework.exe
- %ProgramFiles%\navstub.exe
- %ProgramFiles%\microsoft analysis services.exe
- %ProgramFiles%\ofcpfwsvc.exe
- %ProgramFiles%\neowatchlog.exe
- %ProgramFiles%\oaui.exe
- %ProgramFiles%\oasrv.exe
- %ProgramFiles%\nwservice.exe
- %ProgramFiles%\nvcut.exe
- %ProgramFiles%\nvcte.exe
- %ProgramFiles%\nvcod.exe
- %ProgramFiles%\nupgrade.exe
- %ProgramFiles%\ntxconfig.exe
- %ProgramFiles%\ntrtscan.exe
- %ProgramFiles%\ntoskrnl.exe
- %ProgramFiles%\nsstray.exe
- %ProgramFiles%\nssserv.exe
- %ProgramFiles%\nsmdtr.exe
- %ProgramFiles%\npfmsg.exe
- %ProgramFiles%\npavtray.exe
- %ProgramFiles%\notstart.exe
- %ProgramFiles%\notifyha.exe
- %ProgramFiles%\nod32kui.exe
- %ProgramFiles%\nod32krn.exe
- %ProgramFiles%\nod32.exe
- %ProgramFiles%\nod.exe
- %ProgramFiles%\nisoptui.exe
- %ProgramFiles%\netxray.exe
- %ProgramFiles%\netstatviewer.exe
- %ProgramFiles%\neowatchtray.exe
- %ProgramFiles%\oget.exe
- %ProgramFiles%\pmagicbt.exe
- %ProgramFiles%\fsfwwsch.exe
- %ProgramFiles%\firefox.exe
- %ProgramFiles%\avgscan.exe
- %ProgramFiles%\avgrssvc.exe
- %ProgramFiles%\avgnpsvc.exe
- %ProgramFiles%\avgnpdln.exe
- %ProgramFiles%\avginet.exe
- %ProgramFiles%\avgfwsrv.exe
- %ProgramFiles%\avgemc.exe
- %ProgramFiles%\avgdiag.exe
- %ProgramFiles%\avgcc.exe
- %ProgramFiles%\avgamsvr.exe
- %ProgramFiles%\avconsol.exe
- %ProgramFiles%\avconfig.exe
- %ProgramFiles%\avcmd.exe
- %ProgramFiles%\avciman.exe
- %ProgramFiles%\avcenter.exe
- %ProgramFiles%\avadmin.exe
- %ProgramFiles%\autotrace.exe
- %ProgramFiles%\autostartexplorer.exe
- %ProgramFiles%\autodown.exe
- %ProgramFiles%\aswupdsv.exe
- %ProgramFiles%\aswregsvr.exe
- %ProgramFiles%\ash_updatemediator.exe
- %ProgramFiles%\ashwebsv.exe
- %ProgramFiles%\ashupd.exe
- %ProgramFiles%\ashskpck.exe
- %ProgramFiles%\avgupden.exe
- %ProgramFiles%\avgvv.exe
- %ProgramFiles%\btini.exe
- %ProgramFiles%\avgw.exe
- %ProgramFiles%\blindman.exe
- %ProgramFiles%\blackice.exe
- %ProgramFiles%\blackd.exe
- %ProgramFiles%\bdwizreg.exe
- %ProgramFiles%\bdswitch.exe
- %ProgramFiles%\bdsurvey.exe
- %ProgramFiles%\bdsubmitwiz.exe
- %ProgramFiles%\bdsubmit.exe
- %ProgramFiles%\bdss.exe
- %ProgramFiles%\bdoesrv.exe
- %ProgramFiles%\bdnews.exe
- %ProgramFiles%\bdmcon.exe
- %ProgramFiles%\bdagent.exe
- %ProgramFiles%\backweb-4476822.exe
- %ProgramFiles%\b2.exe
- %ProgramFiles%\avsynmgr.exe
- %ProgramFiles%\avscan.exe
- %ProgramFiles%\avpm.exe
- %ProgramFiles%\avpcc.exe
- %ProgramFiles%\avnotify.exe
- %ProgramFiles%\avkwctl.exe
- %ProgramFiles%\avkservice.exe
- %ProgramFiles%\avkserv.exe
- %ProgramFiles%\avinitnt.exe
- %ProgramFiles%\avgwizfw.exe
- %ProgramFiles%\ashskpcc.exe
- %ProgramFiles%\avgupsvc.exe
- %ProgramFiles%\ashsimpl.exe
- %ProgramFiles%\ackwin32.exe
- %ProgramFiles%\aavshield.exe
- %ProgramFiles%\a2wizard.exe
- %ProgramFiles%\a2upd.exe
- %ProgramFiles%\a2start.exe
- %ProgramFiles%\a2service.exe
- %ProgramFiles%\a2scan.exe
- %ProgramFiles%\a2hijackfree.exe
- %ProgramFiles%\a2guard.exe
- %ProgramFiles%\a2cmd.exe
- %ProgramFiles%\360tray.exe
- C:\perflogs\admin.exe
- C:\msocache\all users.exe
- C:\far2\pluginsdk.exe
- C:\far2\plugins.exe
- C:\far2\fexcept.exe
- C:\far2\encyclopedia.exe
- C:\far2\documentation.exe
- C:\far2\addons.exe
- C:\$recycle.bin\s-1-5-21-1960123792-2022915161-3775307078-1001.exe
- %HOMEPATH%\desktop\360°²è«µ¼º½.lnk
- %HOMEPATH%\desktop\ñô´º¹ºîï°é.lnk
- %HOMEPATH%\desktop\ñô´º¹ºîï°é.png
- D:\ñô´º¹ºîï°é.png
- %HOMEPATH%\favorites\ñô´º¹ºîï°é.png
- %HOMEPATH%\documents\ñô´º¹ºîï°é.png
- %ProgramFiles%\about.exe
- %ProgramFiles%\admunch.exe
- %ProgramFiles%\ashserv.exe
- %ProgramFiles%\agb5.exe
- %ProgramFiles%\ashquick.exe
- %ProgramFiles%\ashpopwz.exe
- %ProgramFiles%\ashmaisv.exe
- %ProgramFiles%\ashlogv.exe
- %ProgramFiles%\ashenhcd.exe
- %ProgramFiles%\ashdug.exe
- %ProgramFiles%\ashdisp.exe
- %ProgramFiles%\ashchest.exe
- %ProgramFiles%\ashavsrv.exe
- %ProgramFiles%\ashavast.exe
- %ProgramFiles%\ash.exe
- %ProgramFiles%\armorsurf.exe
- %ProgramFiles%\armor2net.exe
- %ProgramFiles%\aoltbserver.exe
- %ProgramFiles%\antivirus.exe
- %ProgramFiles%\anti-trojan.exe
- %ProgramFiles%\amsn.exe
- %ProgramFiles%\amon.exe
- %ProgramFiles%\alsvc.exe
- %ProgramFiles%\almon.exe
- %ProgramFiles%\airdefense.exe
- %ProgramFiles%\aimpro.exe
- %ProgramFiles%\aim6.exe
- %ProgramFiles%\ahnsd.exe
- %ProgramFiles%\ageofconan.exe
- %ProgramFiles%\ashsimp2.exe
- %ProgramFiles%\claw95cf.exe
- %ProgramFiles%\fsdiag.exe
- %ProgramFiles%\cafix.exe
- %ProgramFiles%\filezilla.exe
- %ProgramFiles%\fdmwi.exe
- %ProgramFiles%\fdm.exe
- %ProgramFiles%\fch32.exe
- %ProgramFiles%\far.exe
- %ProgramFiles%\fameh32.exe
- %ProgramFiles%\f-sched.exe
- %ProgramFiles%\ezantivirusregistrationcheck.exe
- %ProgramFiles%\exit_av.exe
- %ProgramFiles%\ewidoctrl.exe
- %ProgramFiles%\eudora.exe
- %ProgramFiles%\etherd.exe
- %ProgramFiles%\elementclient.exe
- %ProgramFiles%\ekrn.exe
- %ProgramFiles%\ehsniffer.exe
- %ProgramFiles%\egni.exe
- %ProgramFiles%\ecmd.exe
- %ProgramFiles%\dvd maker.exe
- %ProgramFiles%\drwreg.exe
- %ProgramFiles%\drwebwcl.exe
- %ProgramFiles%\drwebupw.exe
- %ProgramFiles%\drwebscd.exe
- %ProgramFiles%\drweb386.exe
- %ProgramFiles%\drweb32w.exe
- %ProgramFiles%\drweb.exe
- %ProgramFiles%\firebird.exe
- %ProgramFiles%\firesvc.exe
- %ProgramFiles%\cabalmain.exe
- %ProgramFiles%\firetray.exe
- %ProgramFiles%\fsdfwd.exe
- %ProgramFiles%\fsdc.exe
- %ProgramFiles%\fsdbuh.exe
- %ProgramFiles%\fsbwsys.exe
- %ProgramFiles%\fsavwscr.exe
- %ProgramFiles%\fsavwsch.exe
- %ProgramFiles%\fsavstrt.exe
- %ProgramFiles%\fsavgui.exe
- %ProgramFiles%\fsavaui.exe
- %ProgramFiles%\fsav32.exe
- %ProgramFiles%\fsav.exe
- %ProgramFiles%\fsauach.exe
- %ProgramFiles%\fsaua.exe
- %ProgramFiles%\fsample.exe
- %ProgramFiles%\freshclam.exe
- %ProgramFiles%\fpwin.exe
- %ProgramFiles%\fptrayproc.exe
- %ProgramFiles%\fpscan.exe
- %ProgramFiles%\fprottray.exe
- %ProgramFiles%\fpavupdm.exe
- %ProgramFiles%\fpavserver.exe
- %ProgramFiles%\foxit.exe
- %ProgramFiles%\flock.exe
- %ProgramFiles%\flashgot.exe
- %ProgramFiles%\flashfxp.exe
- %ProgramFiles%\drwadins.exe
- %ProgramFiles%\fsdiagui.exe
- %ProgramFiles%\drvmap.exe
- %ProgramFiles%\claw95.exe
- %ProgramFiles%\clamtray.exe
- %ProgramFiles%\clamscan.exe
- %ProgramFiles%\chrome.exe
- %ProgramFiles%\cemrep.exe
- %ProgramFiles%\ccsetmgr.exe
- %ProgramFiles%\ccproxy.exe
- %ProgramFiles%\ccleaner.exe
- %ProgramFiles%\ccevtmgr.exe
- %ProgramFiles%\ccapp.exe
- %ProgramFiles%\cavvl.exe
- %ProgramFiles%\cavuserupd.exe
- %ProgramFiles%\cavumas.exe
- %ProgramFiles%\cavsubmit.exe
- %ProgramFiles%\cavsub.exe
- %ProgramFiles%\cavsn.exe
- %ProgramFiles%\cavse.exe
- %ProgramFiles%\cavscons.exe
- %ProgramFiles%\cavq.exe
- %ProgramFiles%\cavoar.exe
- %ProgramFiles%\cavmud.exe
- %ProgramFiles%\cavmr.exe
- %ProgramFiles%\cavemsrv.exe
- %ProgramFiles%\cavaud.exe
- %ProgramFiles%\cavasm.exe
- %ProgramFiles%\cavapp.exe
- %ProgramFiles%\clamwin.exe
- %ProgramFiles%\btinint.exe
- %ProgramFiles%\drvctl.exe
- %ProgramFiles%\cleaner.exe
- %ProgramFiles%\dpatrolq.exe
- %ProgramFiles%\dnf.exe
- %ProgramFiles%\dislite.exe
- %ProgramFiles%\directftp.exe
- %ProgramFiles%\digsby-app.exe
- %ProgramFiles%\digsby.exe
- %ProgramFiles%\dekaron.exe
- %ProgramFiles%\defwatch.exe
- %ProgramFiles%\defensewall.exe
- %ProgramFiles%\dbtool.exe
- %ProgramFiles%\dbconvert.exe
- %ProgramFiles%\cuteftp.exe
- %ProgramFiles%\custsetup.exe
- %ProgramFiles%\custinstall.exe
- %ProgramFiles%\cssexc.exe
- %ProgramFiles%\csendto.exe
- %ProgramFiles%\cpd.exe
- %ProgramFiles%\courier.exe
- %ProgramFiles%\copyx64.exe
- %CommonProgramFiles%.exe
- %ProgramFiles%\cmgrdian.exe
- %ProgramFiles%\cmain.exe
- %ProgramFiles%\clrcche.exe
- %ProgramFiles%\clisvc.exe
- %ProgramFiles%\cleaner3.exe
- %ProgramFiles%\drvirus.exe
- %ProgramFiles%\qip.exe
Moves itself
- from <Full path to file> to %TEMP%\[8e09de83c52e44be32be4b4005f41186]
Network activity
TCP
HTTP GET requests
- http://www.ba##u.com/
UDP
- DNS ASK ba##u.com
Miscellaneous
Executes the following
- '%WINDIR%\syswow64\explorer.exe' <PATH_SAMPLE>
