Technical Information
To ensure autorun and distribution
Sets the following service settings
- [<HKLM>\System\CurrentControlSet\Services\Qmf_BnfvbrudkwS] 'ImagePath' = '%APPDATA%\Hmdrhjjdtt.exe'
Creates the following services
- 'Qmf_BnfvbrudkwS' %APPDATA%\Hmdrhjjdtt.exe
Modifies file system
Creates the following files
- %APPDATA%\hmdrhjjdtt.exe
Network activity
Connects to
- 'qb###.imtt.qq.com':80
- 'wu#.#mtt.qq.com':8080
- 'dl###1.qq.com':80
- 'pu##.#rowser.qq.com':8080
- 'wu#.##owser.qq.com':443
TCP
HTTP GET requests
- http://dl###1.qq.com/invc/tt/QB/kvtepqdzshxxuyj4aguco.exe
HTTP POST requests
- http://wu#.###t.qq.com:8080/ via wu#.#mtt.qq.com
- http://qb###.imtt.qq.com/
Other
- 'wu#.##owser.qq.com':443
UDP
- DNS ASK qb###.imtt.qq.com
- DNS ASK wu#.#mtt.qq.com
- DNS ASK dl###1.qq.com
- DNS ASK qq.com
- DNS ASK pu##.#rowser.qq.com
- DNS ASK wu#.##owser.qq.com
Miscellaneous
Creates and executes the following
- '%APPDATA%\hmdrhjjdtt.exe'
