Win32.HLLW.Autoruner.12142
Added to the Dr.Web virus database: 2009-12-28
Virus description added: 2025-02-08
Technical Information
To ensure autorun and distribution
Sets the following service settings
- [HKLM\SYSTEM\CurrentControlSet\Services\Iprip\] 'Start' = '00000002'
- [HKLM\SYSTEM\CurrentControlSet\Services\Iprip\Parameters\] 'ServiceDll' = '<SYSTEM32>\liprip.dll'
- [HKLM\System\CurrentControlSet\Services\Iprip] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\Iprip] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
Creates the following services
- 'Iprip' <SYSTEM32>\svchost.exe -k netsvcs
Modifies file system
Creates the following files
- %TEMP%\glcbf77.tmp
- %TEMP%\gljc091.tmp
- %TEMP%\glgc516.tmp
- %WINDIR%\~glh0000.tmp
- %WINDIR%\inf\~glh0001.tmp
- C:\recycled\~glh0002.tmp
- %WINDIR%\syswow64\~glh0003.tmp
- %TEMP%\~glh0004.tmp
- %WINDIR%\syswow64\~glh0005.tmp
- C:\recycled\~glh0006.tmp
- %WINDIR%\inf\~glh0007.tmp
- %WINDIR%\help\~glh0008.tmp
- C:\recycled\~glh0009.tmp
Deletes the following files
- %TEMP%\set.exe
- %TEMP%\glgc516.tmp
- %TEMP%\gljc091.tmp
- %TEMP%\glcbf77.tmp
Moves the following files
- from %WINDIR%\~glh0000.tmp to %WINDIR%\kentgo.log
- from %WINDIR%\inf\~glh0001.tmp to %WINDIR%\inf\optkec.inf
- from C:\recycled\~glh0002.tmp to C:\recycled\qkf.dat
- from %WINDIR%\syswow64\~glh0003.tmp to %WINDIR%\syswow64\fsutk.dll
- from %TEMP%\~glh0004.tmp to %TEMP%\set.exe
- from %WINDIR%\syswow64\~glh0005.tmp to %WINDIR%\syswow64\liprip.dll
- from C:\recycled\~glh0006.tmp to C:\recycled\lip.dat
- from %WINDIR%\inf\~glh0007.tmp to %WINDIR%\inf\iplbk.inf
- from %WINDIR%\help\~glh0008.tmp to %WINDIR%\help\fkhfu.chi
- from C:\recycled\~glh0009.tmp to C:\recycled\ctv.dat
Miscellaneous
Creates and executes the following
- '%TEMP%\set.exe'
- '%TEMP%\gljc091.tmp' <SYSTEM32>\fsutk.dll