Technical Information
Modifies file system
Creates the following files
- %TEMP%\7zipsfx.000\cui.accde
- %TEMP%\7zipsfx.000\fede.accde
- %TEMP%\7zipsfx.000\sostenere.accde
- %TEMP%\7zipsfx.000\vacillavo.accde
- %TEMP%\7zipsfx.000\misteriosa.exe.com
- %TEMP%\7zipsfx.000\a
- %TEMP%\7zsfx000.cmd
- %TEMP%\7zipsfx.000\regasm.exe
Deletes the following files
- %TEMP%\7zipsfx.000\a
- %TEMP%\7zipsfx.000\fede.accde
- %TEMP%\7zipsfx.000\cui.accde
- %TEMP%\7zsfx000.cmd
Deletes itself.
Network activity
UDP
- DNS ASK pd########gKnfPqE.pdsbRtBSXSgKnfPqE
Miscellaneous
Creates and executes the following
- '%TEMP%\7zipsfx.000\misteriosa.exe.com' A
- '%TEMP%\7zipsfx.000\regasm.exe'
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Cui.accde' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "' (with hidden window)
Executes the following
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Cui.accde
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\findstr.exe' /V /R "^yoqhbOibFNkJRaIOXxseqGGKgeLRpgnnCmbhZSmOmDfOAfoClAhCoQdmCfYxrfgdgNisVxPtUCCbdRlZUoHIwWfMoYLJUtLpgZANiQH$" Vacillavo.accde
- '%WINDIR%\syswow64\ping.exe' sbxkeueicyte -n 30
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
