Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '%APPDATA%\Intel\dxdiwen.dll'
Malicious functions:
Creates and executes the following:
- %APPDATA%\Intel\ntosyu32.exe
Modifies file system :
Creates the following files:
- %APPDATA%\Intel\uty.exe
- %APPDATA%\Intel\AppList.dat
- %APPDATA%\Intel\ntosyu32.exd
- %APPDATA%\Intel\we3.exe
- %ALLUSERSPROFILE%\Documents\My Document\Dtl.dat
- %ALLUSERSPROFILE%\Documents\My Document\glp.uin
- %APPDATA%\Intel\dxdiwen.dat
- %APPDATA%\Intel\ntosyu32.dat
- %APPDATA%\Intel\wuasdng.dat
- %APPDATA%\Intel\mmai.dat
- %APPDATA%\Intel\awci.dat
- %APPDATA%\Intel\ruei.dat
- %APPDATA%\Intel\vncm.dat
- %APPDATA%\Intel\ntosyu32.exe
- %APPDATA%\Intel\dxdiwen.dll
- %APPDATA%\Intel\Data\Dtl.dat
- %APPDATA%\Intel\Data\glp.uin
Deletes the following files:
- %APPDATA%\Intel\ntosyu32.dat
- %APPDATA%\Intel\ntosyu32.exe
- %APPDATA%\Intel\ntosyu32.exd
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
