To complicate detection of its presence in the operating system,
it forces the system to hide from view:
hidden files
Creates and executes the following:
'%PROGRAM_FILES%\a.exe'
'%PROGRAM_FILES%\a.exe' (downloaded from the Internet)
Forces autoplay for removable media.
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system:
Creates the following files:
%WINDIR%\noteped.exe
%PROGRAM_FILES%\exp1orer.exe
%PROGRAM_FILES%\a.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Sx_server[1].exe
<SYSTEM32>\exp1orer.exe
C:\autorun.inf
C:\exp1orer.exe
%WINDIR%\exp1orer.exe
C:\system.vbs
Sets the 'hidden' attribute to the following files:
%PROGRAM_FILES%\a.exe
<Drive name for removable media>:\system.vbs
<SYSTEM32>\exp1orer.exe
%PROGRAM_FILES%\exp1orer.exe
%WINDIR%\exp1orer.exe
C:\autorun.inf
C:\exp1orer.exe
C:\system.vbs
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\exp1orer.exe
Network activity:
Connects to:
'h1####8667.3322.org':8081
'www.ku##vb.com':80
TCP:
HTTP GET requests:
www.ku##vb.com/Sx_server.exe
UDP:
DNS ASK h1####8667.3322.org
DNS ASK www.ku##vb.com