Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\AutoRun.inf
- <Drive name for removable media>:\USBWorm.exe
Malicious functions:
Creates and executes the following:
- <SYSTEM32>\USBWorm.exe
Executes the following:
- <SYSTEM32>\cmd.exe /c c:\KILLER.BAT
- <SYSTEM32>\format.com D: /q /x /y
- <SYSTEM32>\format.com Z: /q /x /y
- <SYSTEM32>\cmd.exe /c bat.bat
- %WINDIR%\explorer.exe C:\
- <SYSTEM32>\reg.exe import key.reg
Modifies file system :
Creates the following files:
- <Current directory>\FMTJZH.NUK
- <Current directory>\NUKRHX.VLS
- <Current directory>\LAIYOV.BJZ
- <Current directory>\YNVLBI.OWM
- <Current directory>\QONUKA.YOV
- <Current directory>\QGNDTB.HOE
- <Current directory>\UBIYOW.TJZ
- <Current directory>\LBIYON.KSI
- <Current directory>\KMNXHR.UEO
- <Current directory>\BAYGWM.JZH
- <Current directory>\BRZPWM.KAQ
- <Current directory>\KUEXHR.LVF
- <Current directory>\RHOEUC.ZPF
- <Current directory>\YISCVF.ZJT
- <Current directory>\SQYOVL.JZP
- <Current directory>\GWMTJZ.XNU
- <Current directory>\HGEMCJ.PXN
- <Current directory>\KRHXEU.SIY
- <Current directory>\EOYIAL.FPZ
- <Current directory>\OVLBJZ.WMC
- <Current directory>\FPZJTD.FPZ
- <Current directory>\XMCKAQ.NDL
- <Current directory>\ETBRYO.MCS
- <Current directory>\BQYOEL.RZP
- <Current directory>\XHRBLV.PZR
- <Current directory>\SQGOEL.RZP
- <Current directory>\UJRHXE.KSI
- <Current directory>\XYAKDN.HRB
- <Current directory>\WVTJRH.EUC
- <Current directory>\IGOELB.ZPF
- <Current directory>\KIHOEM.SZP
- <Current directory>\HRJTDN.QAT
- <Current directory>\PFMCKA.XFV
- <Current directory>\WGQAKU.XHR
- <Current directory>\RBUEOY.SCM
- <Current directory>\VFPZRB.VFP
- <Current directory>\BLVFXH.BLV
- <Current directory>\ATDNXH.BLV
- <Current directory>\ISCUEO.ISC
- <Current directory>\DTBRYO.MCS
- <Current directory>\XMUKAY.WDT
- <Current directory>\SCMWGQ.TDN
- <Current directory>\JYGWMT.ZHX
- <Current directory>\BRHOEU.SIP
- <Current directory>\DTJRHX.UKS
- <Current directory>\TDOYIS.UEO
- <Current directory>\TUWGQA.DNX
- <Current directory>\LMWGQA.DNX
- <Current directory>\OPRBLV.PZR
- <Current directory>\JTDNXH.JTD
- <Current directory>\RGOEUS.QXN
- <Current directory>\MCJZPX.DKA
- <Current directory>\QRTDVF.ZSC
- <Current directory>\GHJTDV.PZS
- <Current directory>\CVWGZJ.DNX
- <Current directory>\HISCMW.ZJT
- <Current directory>\ISCMEO.ISC
- <Current directory>\QRTDNF.ZJT
- <Current directory>\EFPZJT.WGQ
- <Current directory>\ZSCMWG.ATD
- <Current directory>\SQEMTJ.HOE
- <Current directory>\XVLBIY.WMT
- <Current directory>\BLXPZJ.DNX
- <Current directory>\ALVFPH.BLV
- <Current directory>\ZBLVFX.RBL
- <Current directory>\ZJTDWG.ATD
- <Current directory>\XQISCM.GQA
- <Current directory>\CDNXHR.UEO
- <Current directory>\DKAQXN.LBI
- <Current directory>\XZATDN.HRB
- <Current directory>\MCKAHX.VLB
- <Current directory>\IQGNDT.RYO
- <Current directory>\XVLBJZ.WMU
- <Current directory>\WMCSAQ.NDL
- <Current directory>\TMWGQA.DEX
- <Current directory>\YRKUEO.ISC
- <Current directory>\AKDNXH.BLV
- <Current directory>\DEOHRB.VFP
- <Current directory>\NDLBRY.EMC
- <Current directory>\GQATDN.HRJ
- <Current directory>\SAQXND.BIY
- <Current directory>\HRKUEO.QAT
- <Current directory>\TAQGOE.BJZ
- <Current directory>\AKDOYI.CUE
- <Current directory>\JKUEOH.BLV
- <Current directory>\EFHRBL.NXH
- <Current directory>\MNXHRB.EOY
- <Current directory>\KQYOEL.RZP
- <Current directory>\BIPFVD.AQG
- <Current directory>\WVCSIQ.WDT
- <Current directory>\QGNDTB.YOE
- <Current directory>\MWGQAK.NXH
- <Current directory>\EFZJTD.XHZ
- <Current directory>\ATZRBL.FPZ
- <Current directory>\DEOYRB.VFP
- <Current directory>\DEGQAT.NXH
- <Current directory>\WMCKAQ.NDL
- <Current directory>\DCAIYF.LTJ
- <Current directory>\BAEUKR.XFV
- <Current directory>\OQATDN.HRB
- <Current directory>\DEISCM.GQJ
- <Current directory>\DEGQIS.MWG
- <Current directory>\RTMWOY.SCM
- <Current directory>\VFXHRB.VFP
- <Current directory>\QOEUBR.PFM
- <Current directory>\IPFVCS.QGW
- <Current directory>\SQGWEU.RHP
- <Current directory>\FUCSZY.VLB
- <Current directory>\ZXNDKA.YOV
- <Current directory>\PFMCSA.GND
- <Current directory>\HXNVLS.YGW
- <Current directory>\NCSAQX.DLB
- <Current directory>\POELBR.PWM
- <Current directory>\KAQXND.BIY
- <Current directory>\SIPFVD.AQG
- <Current directory>\KUNXHR.LVF
- <Current directory>\WGQALV.XHR
- <Current directory>\MKAQYO.LBR
- <Current directory>\ELBRYO.MCJ
- <Current directory>\IXFVCS.QGW
- <Current directory>\OYISCV.PZJ
- <Current directory>\IPFNDK.QYO
- <Current directory>\GQALVF.HRB
- <Current directory>\ZJTDNF.ZJT
- <Current directory>\PZJBLW.QAT
- <Current directory>\MLSIYG.MTJ
- <Current directory>\VLTJZG.MUK
- <Current directory>\PFNDTA.GOE
- <Current directory>\CVFPZJ.DNX
- <Current directory>\IYFVLT.ZGW
- <Current directory>\VXHRBL.NXH
- <Current directory>\CAQGOE.BRZ
- <Current directory>\PEMCSZ.FND
- <Current directory>\QRTDNF.ZJC
- <Current directory>\IYJZPX.UKA
- <Current directory>\YXVDTJ.GWE
- <Current directory>\NMKSIP.VDT
- <Current directory>\LKRHXF.LSI
- <Current directory>\SIYFVL.JQG
- <Current directory>\PRBLVO.ISC
- <Current directory>\ACNXHR.LDN
- <Current directory>\GEDKAI.OVL
- <Current directory>\UTRZPW.CKA
- <Current directory>\QXNDKA.YOE
- <Current directory>\GMUKRH.FVL
- <Current directory>\NLBJZP.MCK
- <Current directory>\KIYOWM.JZP
- <Current directory>\VTSZPX.DKA
- <Current directory>\ZPWMCK.QXN
- <Current directory>\EFPZJC.WGQ
- <Current directory>\HIKUEO.QAL
- <Current directory>\YISCMW.ZJT
- <Current directory>\SYGWMT.ZHX
- <Current directory>\HGWMTJ.HXN
- <Current directory>\MWGQJT.NFP
- <Current directory>\QPNVLS.YGW
- <Current directory>\EKOWMT.ZHX
- <Current directory>\ZGWMUK.HXF
- <Current directory>\FDQGWE.BRH
- <Current directory>\NDXNDL.IYO
- <Current directory>\IGFMCS.QXN
- <Current directory>\YWMCKA.XNV
- <Current directory>\PEUCSI.FVD
- <Current directory>\VKSIYO.LTJ
- <Current directory>\OMCKAH.NVL
- <Current directory>\HRBLVO.ISC
- <Current directory>\QPNVLB.YOW
- <Current directory>\UWGYIS.MWG
- <Current directory>\UMWGQA.DNX
- <Current directory>\ZBCMWG.ATD
- <Current directory>\QXNDLB.YOE
- <Current directory>\HRBLVF.ZRB
- <Current directory>\AKUEXH.BLV
- <Current directory>\ZJUEWG.ALV
- <Current directory>\CDFPZJ.LVF
- <Current directory>\CEFPZS.MWG
- <Current directory>\RBLVFP.JTL
- <Current directory>\ZJUEOY.ALV
- <Current directory>\NXHRBL.NXH
- <Auxiliary element>
- <Current directory>\NDKAQY.VLB
- <Current directory>\PQALVF.HRB
- <Current directory>\VWYISC.EOY
- <Current directory>\MKSIPF.DTJ
- <Current directory>\YISKUE.YIS
- <Current directory>\XHRBTD.XHR
- <Current directory>\ZRBLVF.ZJC
- <Current directory>\HPFMCS.QGN
- <Current directory>\IJLVFP.RBL
- <Current directory>\NOYISL.FPZ
- <Current directory>\TVWGQJ.DNX
- <Current directory>\NUKAHX.VLB
- <Current directory>\GNUKAI.OVL
- <Current directory>\LBIYOW.CJZ
- <Current directory>\OMCKAQ.NDL
- <Current directory>\LKRHXF.CSI
- <Current directory>\ALVFPZ.BLV
- <Current directory>\KCMWGQ.TDN
- <Current directory>\PFVLTJ.GWE
- <Current directory>\SHXFVC.IQG
- <Current directory>\AHXNVL.IYO
- <Current directory>\ZPWMCK.HXN
- <Current directory>\LJZPXN.KAI
- <Current directory>\XWDTJR.XEU
- <Current directory>\LSIYFV.TJZ
- <Current directory>\MUKAHX.VLB
- <Current directory>\HXEUKS.PFV
- <Current directory>\HXNVLB.YOW
- <Current directory>\FVCSIQ.NDT
- <Current directory>\MFXHRB.VFY
- <Current directory>\YZJTDW.QAK
- <SYSTEM32>\USBWorm.exe
- <Current directory>\QRBLEO.ISC
- <Current directory>\ZSTMWG.AKD
- <Current directory>\DEGQAK.NXH
- <Current directory>\CSZPFN.TAQ
- <Current directory>\AKVFXH.BLV
- <Current directory>\QJKDNX.RBL
- <Current directory>\MNGQAK.EXH
- <Current directory>\KUEOGQ.LVN
- <Current directory>\ACMWGQ.TDN
- <Current directory>\MTJZHX.UKA
- <Current directory>\key.reg
- <Current directory>\bat.bat
- <Current directory>\JCMWGQ.KDN
- <Current directory>\GQATDN.HRK
- <Current directory>\RBLDNX.RBL
- <Current directory>\ATDNXH.JTD
- <Current directory>\EFHRBL.FPH
- C:\KILLER.BAT
- <Current directory>\JQGWEU.RHP
- <Current directory>\TAQGOE.BRH
- <Current directory>\JTMWGH.KUE
- <Current directory>\QATDNX.RBU
- <Current directory>\EFHRBT.NXH
- <Current directory>\XEUKSI.FVL
- <Current directory>\HXNUKA.YFV
- <Current directory>\USIQGN.TBR
- <Current directory>\CAQGND.BRH
- <Current directory>\MCJZPX.UKA
- <Current directory>\IJTDNX.AKU
- <Current directory>\EOYIBL.FPZ
- <Current directory>\QALDNX.RBL
- C:\USBWorm.exe
- C:\AutoRun.inf
- <Current directory>\SLVFPZ.TDN
- <Current directory>\ZJTDVF.ZJT
- <Current directory>\FPZJTL.FPZ
- <Current directory>\BLVFPZ.TLV
- <Current directory>\FGZSCM.GQA
- <Current directory>\GVLTJH.FMC
- <Current directory>\KAHXNV.SIY
- <Current directory>\CJPXNU.AIY
- <Current directory>\NDKAQY.ELB
- <Current directory>\PZJTDN.QAK
- <Current directory>\LBIYOW.TJZ
- <Current directory>\WXZJTD.XPZ
- <Current directory>\ATDNXH.BLE
- <Current directory>\DNXQAK.EXH
- <Current directory>\DKAQYO.LBJ
- <Current directory>\TDNXHR.LEO
- <Current directory>\MWGQAL.NXH
- <Current directory>\BLTLVF.ZJT
- <Current directory>\QATDNX.RBL
- <Current directory>\YOVLBJ.PWM
- <Current directory>\MWGQAT.NXH
- <Current directory>\CMWGYI.CMW
- <Current directory>\EWGQAL.NXH
- <Current directory>\SCMWGQ.SCM
- <Current directory>\DTAQGO.LBR
- <Current directory>\AKUEOH.BLV
- <Current directory>\UVFPZS.MWG
- <Current directory>\AQXNDL.IYO
- <Current directory>\ECSIQG.DTB
- <Current directory>\ZPXNDK.QYO
- <Current directory>\NPQATD.XQA
- <Current directory>\USIPFN.KAQ
- <Current directory>\CMFPZJ.DNX
- <Current directory>\VFPZSC.WGQ
- <Current directory>\GWEUKR.XFV
- <Current directory>\JHXNUK.IYF
- <Current directory>\CAQGOE.BRH
- <Current directory>\KAQXND.BRY
- <Current directory>\FMCSZP.NDT
- <Current directory>\ZFNDTA.YOE
- <Current directory>\DCSZPF.DTA
- <Current directory>\FVCSIQ.WDT
- <Current directory>\ONLTJQ.WEU
- <Current directory>\IKUEOH.BLV
- <Current directory>\VTJQGW.UBR
- <Current directory>\DTAQGO.UBR
- <Current directory>\DCRYOE.CSZ
- <Current directory>\TIQGND.BRH
- <Current directory>\QOEUCS.PFV
- <Current directory>\TAQYOE.BRZ
- <Current directory>\SRPXNU.AQY
- <Current directory>\HATDNX.ZJT
- <Current directory>\QPNDLB.YOW
- <Current directory>\KUEOYR.LVF
- <Current directory>\WGQATD.XHR
- <Current directory>\AZXNVL.IYG
- <Current directory>\JQGWDT.RHX
- <Current directory>\UJZHXE.KSI
- <Current directory>\QRBLVO.ISC
- <Current directory>\KLNXHR.LDN
- <Current directory>\ZJCMWG.ATD
- <Current directory>\YOVLBJ.GWM
- <Current directory>\PWMCKA.XND
- <Current directory>\LSIYGW.TJZ
- <Current directory>\WXQJTD.XHZ
- <Current directory>\PNDTBR.OEU
- <Current directory>\BCEOYI.CME
- <Current directory>\NUKAIY.VLB
- <Current directory>\DNXQAK.EOH
- <Current directory>\DBRZPW.CKA
- <Current directory>\KIYOVL.JZG
- <Current directory>\LVFPHR.LEO
- <Current directory>\WXISKU.OYI
- <Current directory>\XHAKUE.YRB
- <Current directory>\IGWEUK.HXF
- <Current directory>\UBRHPF.CSI
- <Current directory>\BRZPFM.SAQ
- <Current directory>\IYFVLT.QGW
- <Current directory>\STDNXH.KUE
- <Current directory>\YISCME.YIS
- <Current directory>\XNVLSI.GWM
- <Current directory>\DEOYIB.VFP
- <Current directory>\KUEOGQ.LVF
- <Current directory>\HRKUEO.ISC
- <Current directory>\IKLVFP.SCM
- <Current directory>\CEFPZJ.MWG
- <Current directory>\LJRHOE.CSI
- <Current directory>\FLTJQG.EUK
- <Current directory>\HFVLTJ.GWM
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\USBWorm.exe
- <Drive name for removable media>:\AutoRun.inf
- C:\AutoRun.inf
- <SYSTEM32>\USBWorm.exe
- C:\USBWorm.exe
Deletes the following files:
- <Current directory>\key.reg
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: ''
