Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\AutoRun.inf
- <Drive name for removable media>:\USBWorm.exe
Malicious functions:
Creates and executes the following:
- <SYSTEM32>\USBWorm.exe
Executes the following:
- <SYSTEM32>\cmd.exe /c c:\KILLER.BAT
- <SYSTEM32>\format.com D: /q /x /y
- <SYSTEM32>\format.com Z: /q /x /y
- <SYSTEM32>\cmd.exe /c bat.bat
- %WINDIR%\explorer.exe C:\
- <SYSTEM32>\reg.exe import key.reg
Modifies file system :
Creates the following files:
- <Current directory>\CJYFMC.YOV
- <Current directory>\VKAHWD.APW
- <Current directory>\YVLSHO.LAH
- <Current directory>\HFMCJY.VCR
- <Current directory>\BRGNUK.GND
- <Current directory>\PNUJQG.CJZ
- <Current directory>\TEXHAC.XQB
- <Current directory>\MWPACM.QJT
- <Current directory>\ZPNUJQ.NCJ
- <Current directory>\IGNDKZ.NDK
- <Current directory>\JUWPZS.NGR
- <Current directory>\ALVOZS.NGQ
- <Current directory>\FDKZGW.SZP
- <Current directory>\UBIYFU.RYN
- <Current directory>\HJTEXH.CNG
- <Current directory>\JLWGZK.NYR
- <Current directory>\MONGQB.EXI
- <Current directory>\RPWLSI.ELB
- <Current directory>\TMWPAC.FQJ
- <Current directory>\ZKDNGR.UFY
- <Current directory>\VGZSCN.QJU
- <Current directory>\ZKDNYR.UFY
- <Current directory>\RBDWHA.MXQ
- <Current directory>\PRKUNY.BMF
- <Current directory>\AYWDMB.YFU
- <Current directory>\QOVTJQ.MCJ
- <Current directory>\HAUNYR.UFY
- <Current directory>\NDBIXE.BQX
- <Current directory>\MKZPWL.ZPW
- <Current directory>\DBIXEL.IXE
- <Current directory>\CIPFMB.YFU
- <Current directory>\IYFUBR.NUB
- <Current directory>\QACVGZ.UNX
- <Current directory>\LWYRBU.PIT
- <Current directory>\YOVKRH.DKR
- <Current directory>\ECRHOD.RHO
- <Current directory>\GETJQF.TJQ
- <Current directory>\OHRKVO.JCM
- <Current directory>\PZBUFY.TMW
- <Current directory>\GZJCNG.BUE
- <Current directory>\RXELAH.ETA
- <Current directory>\DBQXDR.ELB
- <Current directory>\SHXETA.XMT
- <Current directory>\APFMBI.FUB
- <Current directory>\UBQXNU.QGN
- <Current directory>\NCRYOV.RYO
- <Current directory>\JQGNCJ.GNC
- <Current directory>\GIGZJU.XQB
- <Current directory>\UJQFMC.YFV
- <Current directory>\RYOVKR.OVK
- <Current directory>\TDFYJC.XQA
- <Current directory>\WGZKDN.RBU
- <Current directory>\RYOVKR.ODK
- <Current directory>\GEUJQX.UJQ
- <Current directory>\TIPELB.XEU
- <Current directory>\TRPWDT.PWM
- <Current directory>\OMKRYN.KRG
- <Current directory>\MBIYFU.RYN
- <Current directory>\BZGNDK.GWD
- <Current directory>\GRTMWP.CMF
- <Current directory>\PISLWP.KDN
- <Current directory>\FQJTEX.ACN
- <Current directory>\QSUNGR.UFY
- <Current directory>\JLDOHR.VFY
- <Current directory>\GZKUNY.BMF
- <Current directory>\GRTMWH.CVF
- <Current directory>\IBLEPI.DWG
- <Current directory>\JGWDSZ.WLS
- <Current directory>\VLQGNC.ZGV
- <Current directory>\XNKZGW.SZP
- <Current directory>\JLEPZS.WGR
- <Current directory>\PRCMFQ.TEX
- <Current directory>\GMBIYF.BRY
- <Current directory>\AQOVKR.ODK
- <Current directory>\JQTAQX.TJQ
- <Current directory>\RYNUBR.NUK
- <Current directory>\MJZGVC.ZOV
- <Current directory>\TIAHOE.AHX
- <Current directory>\VBIXEL.IXE
- <Current directory>\LJQFMC.YFV
- <Current directory>\LNGZJU.XQB
- <Current directory>\BUEXIB.WPZ
- <Current directory>\FHSCVG.JUN
- <Current directory>\JYOVKR.ODK
- <Current directory>\NXZSDW.RKU
- <Current directory>\CMFQAC.GZJ
- <Current directory>\FHACNG.JUE
- <Current directory>\KRHODK.HOD
- <Current directory>\IGVCSZ.VLS
- <Current directory>\MXZSCV.QJU
- <Current directory>\ACVFYJ.MXQ
- <Current directory>\DFYJCM.QAC
- <Current directory>\QOMTAQ.MTJ
- <Current directory>\TJQFMC.YFV
- <Current directory>\PNLSZP.LSI
- <Current directory>\RHWDKA.WDT
- <Current directory>\WXYZAB.DEF
- <Current directory>\ECJYFV.RYO
- <Current directory>\KIGNUK.GND
- <Current directory>\YWLSIP.LBI
- <Current directory>\WHRKVO.JCM
- <Current directory>\TIPFMB.YFU
- <Current directory>\ZXMCJY.MCJ
- <Current directory>\SQXMTJ.FMC
- <Current directory>\RTDOHR.VFY
- <Current directory>\SUFPIT.WHA
- <Current directory>\ZSCNGQ.UNX
- <Auxiliary element>
- <Current directory>\TVXQJU.XIB
- <Current directory>\IKVFYJ.MXQ
- <Current directory>\BZGVCS.OVL
- <Current directory>\AYWDKA.WDT
- <Current directory>\QGZPWL.IPE
- <Current directory>\QOMTAP.MTI
- <Current directory>\JHFMTJ.FMC
- <Current directory>\WLSHOE.AHO
- <Current directory>\EDCBAZ.XWV
- <Current directory>\BDNGRK.FYI
- <Current directory>\NPRKVO.RCV
- <Current directory>\ZJLEPI.DWG
- <Current directory>\SDFYIB.WPA
- <Current directory>\EPZSDW.RKU
- <Current directory>\ZBUEPI.LWG
- <SYSTEM32>\USBWorm.exe
- <Current directory>\QACNGQ.UEX
- <Current directory>\EGIBUF.ITM
- <Current directory>\BZOMTJ.FMC
- <Current directory>\MJZGVC.ZGV
- <Current directory>\UJQGNC.QGN
- <Current directory>\XIKDNG.BUF
- <Current directory>\bat.bat
- <Current directory>\key.reg
- <Current directory>\KUNYRB.FPI
- <Current directory>\LVGZJC.XQB
- <Current directory>\WHACMF.ACV
- C:\AutoRun.inf
- C:\USBWorm.exe
- C:\KILLER.BAT
- <Current directory>\NPRKDN.RBU
- <Current directory>\WGRKUN.IBM
- <Current directory>\HJLEOH.LVG
- <Current directory>\NLODKA.WDK
- <Current directory>\SYFMBI.FUB
- <Current directory>\LJYOVK.YOV
- <Current directory>\KIXEUB.XNU
- <Current directory>\SQGVCS.OVC
- <Current directory>\VTAPWD.APW
- <Current directory>\MWHACM.QAC
- <Current directory>\VGIBLE.ZSD
- <Current directory>\ECJYFV.RYF
- <Current directory>\WYALVO.JCN
- <Current directory>\JTEXHA.NXQ
- <Current directory>\GQSLWP.KDN
- <Current directory>\VGQJUN.IBL
- <Current directory>\MWEXIS.WPZ
- <Current directory>\ZOVKRH.DKA
- <Current directory>\ECJZGV.SZO
- <Current directory>\VOHRKV.YRC
- <Current directory>\SUNXIB.EPI
- <Current directory>\HFUBRY.UKR
- <Current directory>\SZOVCS.OVL
- <Current directory>\KZPWLS.PEL
- <Current directory>\NGRBUF.ITM
- <Current directory>\CVFYJC.XQA
- <Current directory>\CEGZSC.GQJ
- <Current directory>\PNCJZG.CSZ
- <Current directory>\ELPWMT.PFM
- <Current directory>\TVGQJU.XIB
- <Current directory>\XVCRYO.KRH
- <Current directory>\RHODKA.WDT
- <Current directory>\IXETAQ.MTJ
- <Current directory>\BYOVKR.ODK
- <Current directory>\JHOELA.XET
- <Current directory>\MKIPWM.IPF
- <Current directory>\PNUBQX.UJQ
- <Current directory>\SHFMCJ.FVC
- <Current directory>\OETAHX.TAQ
- <Current directory>\NCAHXE.AQX
- <Current directory>\DAQXMT.QFM
- <Current directory>\YNLSIP.LBI
- <Current directory>\AYWDKZ.WDS
- <Current directory>\SCNXQJ.NGZ
- <Current directory>\SDWPZS.WGZ
- <Current directory>\SCQJTE.HSL
- <Current directory>\GQBUEX.SLW
- <Current directory>\XZSDWG.KUN
- <Current directory>\HRCVFY.TMX
- <Current directory>\TIGNDK.GND
- <Current directory>\BLNGRK.FYI
- <Current directory>\EGZSCN.QJU
- <Current directory>\ALNGQB.EXI
- <Current directory>\PNUKIP.LSI
- <Current directory>\ECJQGN.JZG
- <Current directory>\EOQJUN.IBL
- <Current directory>\ACVGZJ.NXQ
- <Current directory>\VGZJUN.QBU
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\USBWorm.exe
- <Drive name for removable media>:\AutoRun.inf
- C:\AutoRun.inf
- <SYSTEM32>\USBWorm.exe
- C:\USBWorm.exe
Deletes the following files:
- <Current directory>\key.reg
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: ''
