Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- %HOMEPATH%\Start Menu\Programs\Startup\WindowsUpdater.exe
Modifies file system :
Creates the following files:
- %TEMP%\tmp10.tmp.jpg
- %TEMP%\tmp12.tmp.jpg
- %TEMP%\tmp14.tmp.jpg
- %TEMP%\tmpE.tmp.jpg
- %TEMP%\tmp8.tmp.jpg
- %TEMP%\tmpA.tmp.jpg
- %TEMP%\tmpC.tmp.jpg
Deletes the following files:
- %TEMP%\tmp14.tmp.jpg
- %TEMP%\tmpE.tmp.jpg
Network activity:
Connects to:
- 'rg##st.net':80
- 'wp#d':80
TCP:
HTTP GET requests:
- rg##st.net/download/56884027/8fb39582cd25d4dbc9f5af74752092http://rghost.net/download/56884027/8fb39582cd25d4dbc9f5af74752092264c0d1184/Server.exe
- wp#d/wpad.dat
UDP:
- DNS ASK rg##st.net
- DNS ASK wp#d
