Technical Information
Modifies file system
Creates the following files
- %TEMP%\uxeblnyywa.js
- %TEMP%\vybdkgi_9174.exe
Network activity
Connects to
- 'zi######gento.dealopia.com':80
TCP
HTTP GET requests
- http://av###ix.com.br/mgw1Z9
- http://ve###as.com.br/Z4HMtD
- http://kb#.com.au/P6nsHZ
- http://as###nyc.com/ZLyoO2
- http://ae####ant.com.br/D0d34W
- http://ho####fluggage.com/dcFPfq
- http://ph###onlamp.com/mqSfkV
- http://se####furniture.com/WLXTvD
- http://wb####online.com/lKUYSO
- http://st####fit.com.br/i3Dvy5
- http://wa######sformations.co.uk/9TOV5X
- http://me####plyonline.com/8Y9Z1a
- http://fa####ecia.com.br/2CNiOa
- http://fa####ecia.com.br/2CNiOa/
- http://bu#######intandwallpaper.com/zhb1iJ
UDP
- DNS ASK ro####egmeals.com
- DNS ASK bu#######intandwallpaper.com
- DNS ASK fa####ecia.com.br
- DNS ASK me####plyonline.com
- DNS ASK wa######sformations.co.uk
- DNS ASK le######cyandsupply.com.sg
- DNS ASK st####fit.com.br
- DNS ASK pa####etwork.com
- DNS ASK ga####zoneuk.com
- DNS ASK wb####online.com
- DNS ASK se####furniture.com
- DNS ASK ph###onlamp.com
- DNS ASK xi##.com.sg
- DNS ASK fa####racelets.com
- DNS ASK ho####fluggage.com
- DNS ASK ae####ant.com.br
- DNS ASK sa####yonline.com
- DNS ASK as###nyc.com
- DNS ASK co#####rmuseumbd.com
- DNS ASK ht####niture.com
- DNS ASK me#####ilavsiparisi.com
- DNS ASK kb#.com.au
- DNS ASK pe#####buyutuculer.com
- DNS ASK ju####info.com.br
- DNS ASK ve###as.com.br
- DNS ASK av###ix.com.br
- DNS ASK le###asari.com
- DNS ASK pa####dicrafts.com
- DNS ASK zi######gento.dealopia.com
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\wscript.exe' %TEMP%\uxEBlnYYWA.js
