Here's one:
It creates this dir - c:\Users\%username%\appdata\Roaming\winapp\
Now - if you're thinking that creating this dir yourself and then read/write protecting it will make this malware not execute fully, you're wrong :)
If it cant access that location to create the directory, it simply dumps the PE on Desktop and executes from there.
Cool stuff!
It creates this dir - c:\Users\%username%\appdata\Roaming\winapp\
Now - if you're thinking that creating this dir yourself and then read/write protecting it will make this malware not execute fully, you're wrong :)
If it cant access that location to create the directory, it simply dumps the PE on Desktop and executes from there.
Cool stuff!
No comments:
Post a Comment