Technical Information
- <SYSTEM32>\ntvdm.exe -f -i1
- %APPDATA%\windows\homologado.exe
- %APPDATA%\drivers\rtl6432.vxd
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- %APPDATA%\drivers\rtl3264.vxd
- %APPDATA%\drivers\rtl8194.vxd
- %APPDATA%\drivers\rtl9976.vxd
- %APPDATA%\drivers\rtl745G.vxd
- <Full path to virus>
- %WINDIR%\Temp\scs2.tmp
- %WINDIR%\Temp\scs1.tmp
- 'qu####ura.com.br':80
- qu####ura.com.br/mudulos/elemento2.swf
- qu####ura.com.br/mudulos/elemento5.swf
- qu####ura.com.br/mudulos/elemento3.swf
- qu####ura.com.br/mudulos/elemento1.swf
- qu####ura.com.br/mudulos/elemento4.swf
- DNS ASK qu####ura.com.br
- '<Private IP address>':1037
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-9fc.a00.370001'