Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\AutoRun.inf
- <Drive name for removable media>:\USBWorm.exe
Malicious functions:
Creates and executes the following:
- <SYSTEM32>\USBWorm.exe
Executes the following:
- <SYSTEM32>\cmd.exe /c c:\KILLER.BAT
- <SYSTEM32>\format.com D: /q /x /y
- <SYSTEM32>\format.com Z: /q /x /y
- <SYSTEM32>\cmd.exe /c bat.bat
- %WINDIR%\explorer.exe C:\
- <SYSTEM32>\reg.exe import key.reg
Modifies file system :
Creates the following files:
- <Current directory>\YXVDTJ.GWE
- <Current directory>\ZALDNX.RBL
- <Current directory>\NOQAKU.OHR
- <Current directory>\VXYISL.FPZ
- <Current directory>\WXZJTL.FPZ
- <Current directory>\FECKAQ.WDT
- <Current directory>\NLKAHX.DLB
- <Current directory>\ZXWMTJ.PXN
- <Current directory>\KMNXHR.LVO
- <Current directory>\UWXHRK.EOG
- <Current directory>\PRKUEO.ISC
- <Current directory>\OQRBLV.YIS
- <Current directory>\QONUKA.GOE
- <Current directory>\GISLVF.ZJT
- <Current directory>\UVXHRB.DNX
- <Current directory>\JLEOYI.CMW
- <Current directory>\EDBJZP.VCS
- <Current directory>\ZBCMWG.ATD
- <Current directory>\HJKUEO.ISL
- <Current directory>\KMNXHR.LVF
- <Current directory>\LNGQAK.NXH
- <Current directory>\ECBRYO.UCS
- <Current directory>\UVXHRB.VNX
- <Current directory>\LNOYIB.VFP
- <Current directory>\ACMWPZ.TDN
- <Current directory>\UVXHRJ.DNX
- <Current directory>\JCMWGQ.TDN
- <Current directory>\MTJZGW.CKA
- <Current directory>\DFGQJT.NXH
- <Current directory>\HFEUBR.XFV
- <Current directory>\RTMWGY.SCV
- <Current directory>\WUKAQY.EUK
- <Current directory>\YAKUNX.RBL
- <Current directory>\RTUEOY.SCM
- <Current directory>\UNOHRB.VFP
- <Current directory>\QONUKA.YOE
- <Current directory>\AYXEUK.IYO
- <Current directory>\KJHPFV.SIY
- <Current directory>\XEUKAH.NDL
- <Current directory>\IHFVDT.ZGW
- <Current directory>\MTJZPW.CSA
- <Current directory>\EFHRBL.FPH
- <Current directory>\OPISCM.GQA
- <Current directory>\GHJTLV.PZJ
- <Current directory>\RKMEOY.SCM
- <Current directory>\VXYISC.WGQ
- <Current directory>\JLMWGQ.TDN
- <Current directory>\DFGQAL.NXH
- C:\KILLER.BAT
- C:\USBWorm.exe
- <Current directory>\ZXWDTB.HXN
- <Current directory>\SUVFPZ.TMW
- <Current directory>\RXNVLB.YGW
- <Current directory>\KLEOYI.CMW
- <Current directory>\DCAIYO.LBR
- <Current directory>\XWUCSI.OVL
- <Current directory>\VWYISC.EOY
- <Current directory>\key.reg
- <Current directory>\bat.bat
- <SYSTEM32>\USBWorm.exe
- <Current directory>\ACVFPZ.CMW
- <Current directory>\WYRBLV.PZR
- <Current directory>\RYOEUB.HXF
- <Current directory>\DKAQXN.TBR
- C:\AutoRun.inf
- <Current directory>\IYWMUK.HXF
- <Current directory>\OMLSIY.WMC
- <Current directory>\TVWGQA.DNX
- <Auxiliary element>
- <Current directory>\ZBLVOY.SCM
- <Current directory>\VTSIPF.LTJ
- <Current directory>\LKIQGW.TJZ
- <Current directory>\MSIQGW.CJZ
- <Current directory>\JIGOEU.AHX
- <Current directory>\NUKRHX.VLB
- <Current directory>\GEUKAI.OEU
- <Current directory>\QSTDNX.RBU
- <Current directory>\CEFPZJ.MWG
- <Current directory>\XQSKUE.YIS
- <Current directory>\HIKUEO.QAL
- <Current directory>\NPZJCM.GQA
- <Current directory>\QPFVLB.YOE
- <Current directory>\DJZPXN.TAQ
- <Current directory>\GNDTAQ.WEU
- <Current directory>\EGHRBL.OYI
- <Current directory>\HNDLBR.OEU
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\USBWorm.exe
- <Drive name for removable media>:\AutoRun.inf
- C:\AutoRun.inf
- <SYSTEM32>\USBWorm.exe
- C:\USBWorm.exe
Deletes the following files:
- <Current directory>\key.reg
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: ''
