Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>.exe' = '<SYSTEM32>\<Virus name>.exe'
- '<SYSTEM32>\cmd.exe' /c <Virus name>.exe[2]$$336699.bat
- <Full path to virus>[2]$$336699.bat
- <SYSTEM32>\<Virus name>.exe[1]
- <Full path to virus>[2]$$336699.bat
- from <SYSTEM32>\<Virus name>.exe[1] to <Full path to virus>
- from <Full path to virus> to <Full path to virus>[2]
- 'tu###nt.co.kr':80
- 'go###e.co.kr':80
- tu###nt.co.kr/version.php
- tu###nt.co.kr/bVersion/update.dat
- tu###nt.co.kr/insb2.php?is####
- go###e.co.kr/
- tu###nt.co.kr/getkey.php
- DNS ASK tu###nt.co.kr
- DNS ASK go###e.co.kr
- ClassName: 'MS_WINHELP' WindowName: '(null)'