Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WerFaultSecurers' = '%WINDIR%\WerFaultSecurers.exe'
Modifies file system :
Creates the following files:
- %ALLUSERSPROFILE%\DRM\xs\nqjyxudknzugmahddt
Moves itself:
- from <Full path to virus> to %WINDIR%\WerFaultSecurers.exe
Network activity:
Connects to:
- 'ji###.#imindaddy.com':53
- 'ji###.#imindaddy.com':80
TCP:
HTTP GET requests:
- ji###.#imindaddy.com/57F3A8C2D4C68633349CFF5D
- ji###.#imindaddy.com/8DAEABF24AC6EA084C19BAC6
- ji###.#imindaddy.com/8C08D9AC32BE10815A355DB9
UDP:
- DNS ASK ji###.#imindaddy.com
