Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TEST' = ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\p_199727.vbs"
- '<SYSTEM32>\wscript.exe' "<Current directory>\vbs_sbmff.VBS"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- <Current directory>\vbs_sbmff.VBS
- %TEMP%\p_199727.vbs
- %TEMP%\<Virus name>.exe
- %PROGRAM_FILES%\<Virus name>.exe
- %TEMP%\<Virus name>.exe
- <Current directory>\vbs_sbmff.VBS
- 'xy#.#o-ip.org':82
- DNS ASK xy#.#o-ip.org
- ClassName: 'Indicator' WindowName: '(null)'