Technical Information
Malicious functions
Reads files which store third party applications passwords
- %LOCALAPPDATA%\google\chrome\user data\default\web data
Searches for windows to
detect analytical utilities:
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
detect programs and games:
- ClassName: 'gdkWindowToplevel', WindowName: ''
Modifies file system
Creates the following files
- %TEMP%\cryptedfile.exe
- %APPDATA%\09062006238.jpg
- %APPDATA%\chrtmp
Miscellaneous
Creates and executes the following
- '%TEMP%\cryptedfile.exe'
