Hooks the following functions in System Service Descriptor Table (SSDT):
NtWriteVirtualMemory, handler: OGQFCHJO.sys
NtReadVirtualMemory, handler: OGQFCHJO.sys
NtOpenProcess, handler: OGQFCHJO.sys
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system:
Creates the following files:
<SYSTEM32>\svchosto.exe
<SYSTEM32>\Setup\servero.exe
<DRIVERS>\OGQFCHJO.sys
Sets the 'hidden' attribute to the following files:
<Drive name for removable media>:\svchosto.exe
<Drive name for removable media>:\AutoRun.inf
Deletes the following files:
<DRIVERS>\OGQFCHJO.sys
Moves the following files:
from <SYSTEM32>\Setup\servero.exe to %PROGRAM_FILES%\space.exe
Network activity:
Connects to:
'hu##.3322.org':2013
'localhost':2014
'qw####800.gicp.net':2013
'www.tx##88.com':80
TCP:
HTTP GET requests:
www.tx##88.com/2013/rc/0.txt
UDP:
DNS ASK hu##.3322.org
DNS ASK www.tx##88.com
DNS ASK qw####800.gicp.net
Miscellaneous:
Searches for the following windows:
ClassName: 'Indicator' WindowName: '(null)'