Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{2357CD25-8FAE-9BA6-2C4C-E00177E58906}] 'StubPath' = '%WINDIR%\woekfk.exe'
- [<HKLM>\SOFTWARE\Classes\My20130401.Document\shell\open\command] '' = '<Full path to virus> /dde'
- %WINDIR%\woekfk.exe
- 'ba##.##cforlinux.net':80
- 'ba##.##cforlinux.net':443
- DNS ASK ba##.##cforlinux.net