Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '360safa' = '%APPDATA%\Microsoft\Media Player\hszdl\svohost.exe'
- ClassName: 'TXGuiFoundation', WindowName: '???????? - ????????????' (apparently the same title as the next entry, with each non-ASCII byte rendered as '?')
- ClassName: 'TXGuiFoundation', WindowName: 'µзДФ№ЬјТ - НшВзБчБї№ЬАн' (GBK bytes rendered as CP1251; decodes to '电脑管家 - 网络流量管理')
- %APPDATA%\WindowsNet\<File name>.exe
- <Current directory>\ectool.exe
- %APPDATA%\Microsoft\Media Player\hszdl\VBS.vbs
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- <Current directory>\ectool.exe
- %APPDATA%\Microsoft\Media Player\hszdl\svohost.exe
- %APPDATA%\Microsoft\Media Player\hszdl\VBS.vbs
- %WINDIR%\Temp\scs1.tmp
- %WINDIR%\Temp\scs2.tmp
- from <Full path to file> to %APPDATA%\Microsoft\Media Player\hszdl\svohost.exe
- '12#.#25.114.144':80
- '21#####040.f3322.net':16351
- 'jw###.msns.cn':49596
- http://www.ba##u.com/ via 12#.#25.114.144
- DNS ASK www.ba##u.com
- DNS ASK 21#####040.f3322.net
- DNS ASK jw###.msns.cn
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b80.b84.380001'
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Microsoft\Media Player\hszdl\VBS.vbs"