Technical Information
- %PROGRAM_FILES%\VDoctor\VDoctorSetup_vd1.exe (downloaded from the Internet) /verysilent
- <SYSTEM32>\cmd.exe /c "%TEMP%\<Virus name>.exe.bat"
- %TEMP%\<Virus name>.exe.bat
- %PROGRAM_FILES%\VDoctor\VDoctorSetup_vd1.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\VDoctorSetup_vd1[1].exe
- 'do##.###tidownload.co.kr':80
- do##.###tidownload.co.kr/Prog/VDoctorSetup_vd1.exe
- DNS ASK do##.###tidownload.co.kr