<Drive name for removable media>:\<Virus name>.exe
Malicious functions:
Executes the following:
<SYSTEM32>\wuauclt.exe
Modifies file system :
Creates the following files:
%TEMP%\0002454c.com
Sets the 'hidden' attribute to the following files:
<Drive name for removable media>:\Autorun.inf
<Drive name for removable media>:\<Virus name>.exe
Deletes itself.
Network activity:
Connects to:
'bu###aga.net':80
'74.##5.232.51':80
TCP:
HTTP POST requests:
bu###aga.net/www/stat3.php
UDP:
DNS ASK bu###aga.net
DNS ASK google.com
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more