Technical Information
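Registry autorun entries (per-user Run key, which launches the listed program at each logon of that user):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Java Updater' = '"%TEMP%\voila.exe"'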
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Java Update' = '%APPDATA%\voila.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Java Updater' = '"%TEMP%\<Virus name>.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Java Update' = '<Full path to virus>'
File paths referenced in the report (some paths appear more than once):
- %APPDATA%\The RATs Crew Crypter.exe
- %APPDATA%\voila.exe
- %TEMP%\voila.exe
- %APPDATA%\The RATs Crew Crypter.exe
- %TEMP%\<Virus name>.exe
- %APPDATA%\voila.exe
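Network activity (host and port, requested URL, DNS query; the host name is partially masked in the report):
- 'dl.##opbox.com':80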
- dl.##opbox.com/u/23840983/RATs%20Crew%20Crypter/version.txt
- DNS ASK dl.##opbox.com
Windows referenced by class name (the window name is empty in both entries):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''