Technical Information
- [<HKLM>\SOFTWARE\Classes\VBEFile\Shell\Open\Command] '' = ''
- '<SYSTEM32>\nc.exe' -L -p 4444 -e cmd.exe
- '%TEMP%\~vnximhb.vbe' "<SYSTEM32>\<Virus name>.vbe"
- '<SYSTEM32>\nc.exe' (downloaded from the Internet)
- <SYSTEM32>\<Virus name>.vbe
- <SYSTEM32>\nc.exe
- %TEMP%\aut1.tmp
- %TEMP%\~vnximhb.vbe
- <SYSTEM32>\<Virus name>.vbe
- %TEMP%\~vnximhb.vbe
- <SYSTEM32>\<Virus name>.vbe
- %TEMP%\aut1.tmp
- 'www.mi###urr.com':80
- 'localhost':1036
- www.mi###urr.com/example.exe
- DNS ASK www.mi###urr.com