Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL" /t reg_sz /d http://www.os##5.com /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t reg_sz /d http://www.os##5.com /f
- '<SYSTEM32>\cmd.exe' /c ""%HOMEPATH%\Favorites\Favorites.bat" "
Sets a new unauthorized home page for Windows Internet Explorer.
Modifies file system :
Creates the following files:
- %HOMEPATH%\Favorites\邮箱登陆\新浪邮箱.url
- %HOMEPATH%\Favorites\新闻网站\新闻中心-搜狐网站.url
- %HOMEPATH%\Favorites\邮箱登陆\搜狐邮件.url
- %HOMEPATH%\Favorites\游戏网络\新浪游戏_最大中文游戏媒体.url
- %HOMEPATH%\Favorites\网上购物\易趣网.url
- %HOMEPATH%\Favorites\实用查询\汉字翻译拼音.url
- %HOMEPATH%\Favorites\网上购物\淘宝网.url
- %HOMEPATH%\Favorites\实用查询\查IP地址手机号码归属地.url
- %HOMEPATH%\Favorites\邮箱登陆\欢迎使用 Gmail.url
- %HOMEPATH%\Favorites\实用查询\手机之家首页_最专业的手机社区.url
- %HOMEPATH%\Favorites\硬件相关\各类笔记本驱动.url
- %HOMEPATH%\Favorites\影音娱乐\土豆网.url
- %HOMEPATH%\Favorites\软件相关\华军软件园——共享软件发布-下载-学习-研究-交流之园.url
- %HOMEPATH%\Favorites\网上购物\卓越网.url
- %HOMEPATH%\Favorites\软件相关\天空软件站:提供国内外最新免费软件、共享软件下载!.url
- %HOMEPATH%\Favorites\银行金融\广东发展银行.url
- %HOMEPATH%\Favorites\网上购物\当当网.url
- %HOMEPATH%\Favorites\游戏网络\太平洋游戏网.url
- %HOMEPATH%\Favorites\游戏网络\小游戏,在线小游戏,www.4399.com,flash小游戏.url
- %HOMEPATH%\Favorites\邮箱登陆\登录到 Hotmail.url
- %HOMEPATH%\Favorites\实用查询\银行外汇牌价.url
- %HOMEPATH%\Favorites\邮箱登陆\雅虎免费邮箱.url
- %HOMEPATH%\Favorites\邮箱登陆\邮箱-21CN.COM.url
- %HOMEPATH%\Favorites\实用查询\金山词霸在线词典.url
- %HOMEPATH%\Favorites\影音娱乐\雅虎音乐.url
- %HOMEPATH%\Favorites\╠╘═°╓╖.url
- %HOMEPATH%\Favorites\╦╤╣╖═°╓╖╡╝║╜.url
- %HOMEPATH%\Favorites\硬件相关\驱动之家 硬件驱动专家.url
- %HOMEPATH%\Favorites\2345═°╓╖╡╝║╜.url
- %HOMEPATH%\Favorites\影音娱乐\迅雷看看.url
- %HOMEPATH%\Favorites\硬件相关\硬件ID查询并下载驱动.url
- %HOMEPATH%\Favorites\软件相关\绿软家园(绿色下载站)┊打造第一绿色软件家园.url
- %HOMEPATH%\Favorites\影音娱乐\百度MP3搜索.url
- %HOMEPATH%\Favorites\实用查询\硅谷动力硬件报价.url
- %HOMEPATH%\Favorites\邮箱登陆\网易126免费邮.url
- %HOMEPATH%\Favorites\新闻网站\联合早报.url
- %HOMEPATH%\Favorites\实用查询\航班查询-机票预定.url
- %HOMEPATH%\Favorites\邮箱登陆\网易163邮箱.url
- %HOMEPATH%\Favorites\邮箱登陆\网易VIP邮箱.url
- %HOMEPATH%\Favorites\影音娱乐\QQ163在线试听.url
- %HOMEPATH%\Favorites\邮箱登陆\QQ邮箱.url
- %HOMEPATH%\Favorites\硬件相关\MSI驱动下载.url
- %HOMEPATH%\Favorites\硬件相关\NVIDIA 驱动程序下载.url
- %HOMEPATH%\Favorites\邮箱登陆\TOM免费邮箱.url
- %HOMEPATH%\Favorites\影音娱乐\一听音乐网.url
- %HOMEPATH%\Favorites\实用查询\万年历查询.url
- %HOMEPATH%\Favorites\新闻网站\TOM新闻.url
- %HOMEPATH%\Favorites\影音娱乐\YYMP3流行音乐网.url
- %HOMEPATH%\Favorites\硬件相关\Intel下载中心.url
- %HOMEPATH%\Favorites\邮箱登陆\263天下邮.url
- %HOMEPATH%\Favorites\邮箱登陆\91电子邮箱.url
- %HOMEPATH%\Favorites\Favorites.bat
- %HOMEPATH%\Favorites\游戏网络\17173.com网络游戏第一门户站.url
- %HOMEPATH%\Favorites\硬件相关\AMD(AIT)官网.url
- %HOMEPATH%\Favorites\游戏网络\Game游戏中国.url
- %HOMEPATH%\Favorites\硬件相关\GIGABYTE支持与下载.url
- %HOMEPATH%\Favorites\硬件相关\ASUS驱动下载.url
- %HOMEPATH%\Favorites\体育运动\CCTV体育频道.url
- %HOMEPATH%\Favorites\实用查询\世纪前线—宽带测试直通车.url
- %HOMEPATH%\Favorites\邮箱登陆\亿邮首页.url
- %HOMEPATH%\Favorites\影音娱乐\优酷网.url
- %HOMEPATH%\Favorites\银行金融\中国银行.url
- %HOMEPATH%\Favorites\银行金融\交通银行.url
- %HOMEPATH%\Favorites\体育运动\体育-人民网.url
- %HOMEPATH%\Favorites\新闻网站\凤凰网.url
- %HOMEPATH%\Favorites\新闻网站\千龙网--新闻中心.url
- %HOMEPATH%\Favorites\体育运动\体育资源网.url
- %HOMEPATH%\Favorites\实用查询\全国长途汽车站客运时刻查询.url
- %HOMEPATH%\Favorites\游戏网络\中国游戏中心.url
- %HOMEPATH%\Favorites\新闻网站\中华网--新闻中心.url
- %HOMEPATH%\Favorites\影音娱乐\中国DJ嗨嗨网.url
- %HOMEPATH%\Favorites\银行金融\中信银行.url
- %HOMEPATH%\Favorites\体育运动\中华体育网.url
- %HOMEPATH%\Favorites\银行金融\中国光大银行.url
- %HOMEPATH%\Favorites\银行金融\中国建设银行.url
- %HOMEPATH%\Favorites\银行金融\中国民生银行.url
- %HOMEPATH%\Favorites\银行金融\中国农业银行.url
- %HOMEPATH%\Favorites\银行金融\中国工商银行.url
