Technical Information
To ensure autorun and distribution:
Creates the following services:
- [<HKLM>\SYSTEM\ControlSet001\Services\DRIVER_B] 'ImagePath' = '<DRIVERS>\DRIVER_BIN32'
Malicious functions:
Executes the following:
- '%TEMP%\ITi3JMem' -f %TEMP%\8iWNs1iK
Modifies file system:
Creates the following files:
- <DRIVERS>\DRIVER_BIN32
- %TEMP%\8iWNs1iK
- %TEMP%\ITi3JMem
Deletes the following files:
- %TEMP%\8iWNs1iK
- <DRIVERS>\DRIVER_BIN32
- %TEMP%\ITi3JMem
Network activity:
Connects to:
- 'ww##.aumodz.net':80
UDP:
- DNS ASK ww##.aumodz.net
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''
