Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Net DDE] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Net DDE] 'ImagePath' = '%WINDIR%\huhu.exe'
- 'Net DDE' %WINDIR%\huhu.exe
- Handler for all processes: %WINDIR%\huhuKey.DLL
- %WINDIR%\huhu.exe
- %WINDIR%\delete.bat
- %WINDIR%\huhukey.dll
- %WINDIR%\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
- %WINDIR%\huhu.exe
- %WINDIR%\huhukey.dll
- 'sh###admin.cn':80
- http://www.sh###admin.cn/bb.txt
- DNS ASK sh###admin.cn
- '%WINDIR%\huhu.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Delete.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %WINDIR%\Delete.bat