Technical Information
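- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '771d60c72764892.exe' = '"<LS_APPDATA>\771d60c72764892.exe" /autorun' (per-user Run value: starts this executable at every logon of the affected user; writing it requires no administrator rights)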
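- [<HKLM>\SYSTEM\ControlSet001\Services\583a7642b29b4c8e] 'Start' = '00000000' (Start 0 = boot-start: the driver is loaded by the boot loader, ahead of system-start and auto-start services)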
- [<HKLM>\SYSTEM\ControlSet001\Services\583a7642b29b4c8e] 'ImagePath' = '<DRIVERS>\583a7642b29b4c8e.sys'
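- [<HKLM>\SYSTEM\ControlSet001\Services\248d6] 'Start' = '00000001' (Start 1 = system-start: loaded during kernel initialization; no ImagePath is listed for this service, but the file <DRIVERS>\248d6.sys listed below matches its name)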
- <LS_APPDATA>\771d60c72764892.exe
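- NtOpenThread, handler: 583a7642b29b4c8e.sys
- NtOpenProcess, handler: 583a7642b29b4c8e.sys (the listing indicates that both system calls are routed to the driver registered as a boot-start service above; a driver that intercepts them can decide which processes and threads other programs, including security tools, are able to open)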
- <DRIVERS>\583a7642b29b4c8e.sys
- <DRIVERS>\248d6.sys
- <LS_APPDATA>\771d60c72764892.exe
- from <Full path to virus> to %TEMP%\e1e387fb.tmp
- '17#.#5.153.37':80 (remote host and port; some digits of the address are masked with '#')
- '17#.#3.141.209':80
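- 17#.#3.141.209/debug2.php?id######################## (request to one of the hosts above, presumably HTTP given port 80; the query-string value is masked with '#')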
- 17#.#5.153.37/scall.php?af#########################
- 17#.#3.141.209/debug2.php?id#####################
- 17#.#3.141.209/debug2.php?id#######################
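- ClassName: 'Indicator' WindowName: '' (a window identified by class name 'Indicator' with an empty title; the listing does not state whether the sample creates this window or searches for it)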