Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'microWebAD.exe' = '%PROGRAM_FILES%\microWebAD\microWebAD.exe'
- %PROGRAM_FILES%\microWebAD\microWebAD.exe
- %PROGRAM_FILES%\microWebAD\microWebAD.exe (downloaded from the Internet)
- <SYSTEM32>\cmd.exe /c <Current directory>\$$ssb34rd.bat
- <SYSTEM32>\schtasks.exe /create /sc onlogon /tn "MicroWebAD Installer 1.1" /tr "\"%PROGRAM_FILES%\microWebAD\microWebAD.exe"\" /rl highest
- <Current directory>\$$ssb34rd.bat
- %PROGRAM_FILES%\microWebAD\microWebAD.exe