File size: 116397 bytes
CRC32: F9646208
MD5: F7DFAC2FE1DC7EEF101094C8C0818DE7
SHA-1: 64AC139344A2594F8AFA55C05AAF86F053060CA5
===================================================
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%Temp%\herss.exe"
Hidden\SHOWALL\CheckedValue: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000
CRC32: F9646208
MD5: F7DFAC2FE1DC7EEF101094C8C0818DE7
SHA-1: 64AC139344A2594F8AFA55C05AAF86F053060CA5
===================================================
Files created
C:\Documents and Settings\[User]\Local Settings\temp\herss.exe
C:\Documents and Settings\[User]\Local Settings\temp\cvasds0.dll (0 – 9)
C:\Documents and Settings\[User]\Local Settings\temp\am1.rar > am1.exe
X: mranjm-exe
X:\autorun.inf
Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN
- Values added
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
cdoosoft = "%Temp%\herss.exe"
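Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\
Hidden\SHOWALL\CheckedValue: 0x00000000 (with this set to 0, the "Show hidden files and folders" choice in Folder Options no longer takes effect)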
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Hidden: 0x00000002 (Explorer does not show hidden files and folders)
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
ShowSuperHidden: 0x00000000 (Explorer keeps protected operating system files hidden)
