Technical Information
- <SYSTEM32>\instsrv.exe (downloaded from the Internet) SockClient <SYSTEM32>\srvany.exe
- <SYSTEM32>\SockUpdateRun.exe auto <Virus name>@alcxa.cn
- <SYSTEM32>\net1.exe stop SockClient
- <SYSTEM32>\net1.exe start SockClient
- <SYSTEM32>\net.exe stop SockClient
- <SYSTEM32>\regsvr32.exe <SYSTEM32>\MSINET.OCX /s
- <SYSTEM32>\regsvr32.exe <SYSTEM32>\MSWINSCK.OCX /s
- <SYSTEM32>\instsrv.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\instsrv[1].exe
- <SYSTEM32>\SockUpdate.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\srvany[1].exe
- <SYSTEM32>\SockClient.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\SockClient[1].exe
- <SYSTEM32>\srvany.exe
- <SYSTEM32>\MSWINSCK.OCX
- <SYSTEM32>\MSINET.OCX
- <SYSTEM32>\INETCHS.DLL
- <SYSTEM32>\WINSKCHS.DLL
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\SockUpdate[1].exe
- <SYSTEM32>\SockUpdateRun.exe
- <SYSTEM32>\VB6CHS.DLL
- 'www.al##a.cn':80
- 'localhost':1037
- www.al##a.cn/download/srvany.exe
- www.al##a.cn/download/SockClient.exe
- www.al##a.cn/download/SockUpdate.exe
- www.al##a.cn/download/instsrv.exe
- DNS ASK www.al##a.cn