Technical Information
Malicious functions:
Creates and executes the following:
- <SYSTEM32>\debug02.exe
- <SYSTEM32>\debug01.exe
Modifies file system :
Creates the following files:
- <SYSTEM32>\debug.ini
- <SYSTEM32>\debug2.ini
- <SYSTEM32>\debug01.exe
- <SYSTEM32>\debug02.exe
Deletes itself.
Network activity:
Connects to:
- 'ba##.#zone.qq.com':80
TCP:
HTTP GET requests:
- ba##.#zone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui############
UDP:
- DNS ASK ba##.#zone.qq.com
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: '<Virus name>.exe'
- ClassName: '' WindowName: 'debug01.exe'
- ClassName: '' WindowName: 'debug02.exe'
