Technical Information
Autorun entries (values under the registry Run key, which start the listed program at logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dian.exe' = '%WINDIR%\dian.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<Virus name>.exe' = '<Full path to virus>'
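File activity (the section headings for the lists below are missing from this page, so the action behind each list, such as creation, execution or deletion, is not stated here):
- '%WINDIR%\setup.exe'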
- '%WINDIR%\H03.exe'
- '%WINDIR%\H02.exe'
- '%WINDIR%\FunshionInstall_C9518.exe'
- '%WINDIR%\H05.exe'
- '%WINDIR%\H04.exe'
- '%WINDIR%\AlexaInstaller.exe'
- '%WINDIR%\xia.exe'
- '%WINDIR%\shua.exe'
- '%WINDIR%\dian.exe'
- '%WINDIR%\H01.exe'
- '%WINDIR%\setup_iesuper_0010089.exe'
- '%WINDIR%\AlexaInstaller.exe' (downloaded from the Internet)
- '%WINDIR%\setup.exe' (downloaded from the Internet)
- '%WINDIR%\FunshionInstall_C9518.exe' (downloaded from the Internet)
- '%WINDIR%\H02.exe' (downloaded from the Internet)
- '%WINDIR%\setup_iesuper_0010089.exe' (downloaded from the Internet)
- '%WINDIR%\H01.exe' (downloaded from the Internet)
- '%WINDIR%\H05.exe' (downloaded from the Internet)
- '%WINDIR%\H04.exe' (downloaded from the Internet)
- '%WINDIR%\H03.exe' (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\H05[1].exe
- %WINDIR%\H05.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\H-TongJi[1].Html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\list[1].txt
- %WINDIR%\H03.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\H04[1].exe
- %WINDIR%\H04.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\AlexaInstaller[1].exe
- %WINDIR%\AlexaInstaller.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Alexa[1].txt
- %WINDIR%\setup.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\download[1].php
- %WINDIR%\FunshionInstall_C9518.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\spClick[1].aspx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ShuaWeb[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\H01[1].exe
- %WINDIR%\xia.exe
- <SYSTEM32>\urlmor.dll
- %WINDIR%\dian.exe
- %WINDIR%\shua.exe
- %WINDIR%\H02.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\list[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\H03[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\H02[1].exe
- %WINDIR%\H01.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\dl[1].htm
- %WINDIR%\setup_iesuper_0010089.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\H02[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\list[1].txt
- %TEMP%\~DFD966.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\dl[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ShuaWeb[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\H01[1].exe
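Network activity, hosts and ports contacted ('#' masks part of each hostname, so these entries are not exact indicators):
- 'pa#####.funshion.com':80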
- 'localhost':1044
- 'cl####.alexa.com':80
- 'sp####.baidu.com':80
- 'u.###ma8.com':80
- 'www.xi##he.com':80
- 'localhost':1037
- 'localhost':1041
- 'localhost':1040
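URLs on the hosts listed above (presumably requested over HTTP, given port 80; '#' masks part of each URL):
- pa#####.funshion.com/partner/download.php?id#####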
- www.xi##he.com/H-TongJi.Html
- www.xi##he.com/H05.exe
- www.xi##he.com/Alexa.txt
- cl####.alexa.com/install/AlexaInstaller.exe
- sp####.baidu.com/spcode/spClick?tn#################################################################################################################
- www.xi##he.com/H04.exe
- u.###ma8.com/pv/dl.htm?ad####################
- www.xi##he.com/H01.exe
- www.xi##he.com/ShuaWeb.txt
- www.xi##he.com/H03.exe
- www.xi##he.com/H02.exe
- www.xi##he.com/list.txt
- DNS ASK sp####.baidu.com
- DNS ASK cl####.alexa.com
- DNS ASK pa#####.funshion.com
- DNS ASK www.xi##he.com
- DNS ASK u.###ma8.com
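Window class / window title pairs ('?' in a title presumably stands for a non-ASCII character lost in encoding):
- ClassName: 'Button' WindowName: '&Next >'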
- ClassName: 'Button' WindowName: '&Install'
- ClassName: 'Button' WindowName: '&Finish'
- ClassName: 'Static' WindowName: 'Installation Complete'
- ClassName: 'Static' WindowName: 'Choose Install Location'
- ClassName: 'Static' WindowName: 'Choose Start Menu Folder'
- ClassName: 'Static' WindowName: 'Choose Shortcuts'
- ClassName: '' WindowName: ''
- ClassName: '#32770' WindowName: 'Avant Browser 11.7 build 23 Setup'
- ClassName: '#32770' WindowName: 'Alexa Toolbar Setup'
- ClassName: '#32770' WindowName: 'Alexa Toolbar Setup '
- ClassName: '#32770' WindowName: 'Avant Browser 11.7 build 23 Setup '
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '#32770' WindowName: 'Funshion 1.5.2.15 Beta ?? '
- ClassName: '#32770' WindowName: 'Funshion 1.5.2.15 Beta ??'
- ClassName: 'Button' WindowName: 'I &Agree'
- ClassName: 'Button' WindowName: 'OK'
- ClassName: 'Button' WindowName: '???(&I)'
- ClassName: 'Button' WindowName: '??(&I)'
- ClassName: '#32770' WindowName: 'Installer Language'
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '#32770' WindowName: 'IESuper(v1.1) ?? '
- ClassName: 'Button' WindowName: '??(&F)'
- ClassName: 'Button' WindowName: '??(&A)'
- ClassName: 'Button' WindowName: '???(&N) >'
- ClassName: 'Button' WindowName: '???(&N)'
- ClassName: '#32770' WindowName: '????'
- ClassName: '#32770' WindowName: ' '
- ClassName: '#32770' WindowName: ''
- ClassName: 'Button' WindowName: '????'