Technical Information
Modifies file system
Creates the following files
- %TEMP%\main\file.bin
- %TEMP%\main\killduplicate.cmd
- %TEMP%\main\main.bat
- %TEMP%\main\7z.dll
- %TEMP%\main\7z.exe
- %TEMP%\main\extracted\file_6.zip
- %TEMP%\main\extracted\antiav.data
- %TEMP%\main\extracted\file_5.zip
- %TEMP%\main\extracted\file_4.zip
- %TEMP%\main\extracted\file_3.zip
- %TEMP%\main\extracted\file_2.zip
- %TEMP%\main\extracted\file_1.zip
- %TEMP%\main\extracted\ycorig.exe
Sets the 'hidden' attribute to the following files
- %TEMP%\main\killduplicate.cmd
- %TEMP%\main\ycorig.exe
Moves the following files
- from %TEMP%\main\file.bin to %TEMP%\main\file.zip
- from %TEMP%\main\extracted\ycorig.exe to %TEMP%\main\ycorig.exe
Substitutes the following files
- %TEMP%\main\file.bin
Miscellaneous
Creates and executes the following
- '%TEMP%\main\7z.exe' e file.zip -p607316787144311623182532602 -oextracted
- '%TEMP%\main\7z.exe' e extracted/file_6.zip -oextracted
- '%TEMP%\main\7z.exe' e extracted/file_5.zip -oextracted
- '%TEMP%\main\7z.exe' e extracted/file_4.zip -oextracted
- '%TEMP%\main\7z.exe' e extracted/file_3.zip -oextracted
- '%TEMP%\main\7z.exe' e extracted/file_2.zip -oextracted
- '%TEMP%\main\7z.exe' e extracted/file_1.zip -oextracted
- '%TEMP%\main\ycorig.exe'
Executes the following
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\main\main.bat" /S"
- '<SYSTEM32>\mode.com' 65,10
- '<SYSTEM32>\attrib.exe' +H "ycorig.exe"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\main\main.bat" /S"' (with hidden window)
