Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'MSSMSGS' = 'rundll32.exe winygg32.rom,ypbPkXeBzmR'
- iexplore.exe
- %TEMP%\dud927e.tmp
- %WINDIR%\syswow64\winygg32.rom
- %TEMP%\dud927e.bat
- %TEMP%\dud927e.tmp
- 'sa###oft.net':80
- 'sa###oft.net':443
- http://sa###oft.net/img/cmd.php?c=##########################################
- 'sa###oft.net':443
- DNS ASK sa###oft.net
- DNS ASK microsoft.com
- DNS ASK st####.rapidssl.com
- ClassName: 'IEFrame' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\DUd927E.bat" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\DUd927E.bat"