It modifies the Windows Registry and adds the following entries:
HKEY_CURRENT_USER\Software\System Tool 2011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "2487226410"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"[Random]"="c:\Documents and Settings\All Users\Application Data\[Random].exe"
The threat will drop the following malicious files:
%AppData%\[random]\
%AppData%\2487226410
%AppData%\[random]\[random].bat (2487226410.bat)
%AppData%\[random]\[random].cfg (2487226410.cfg)
%AppData%\[random]\[random].exe (2487226410.exe)
%UserProfile%\Desktop\System Tool 2011.lnk
%UserProfile%\Start Menu\Programs\System Tool 2011.lnk
%temp%.\[random]\
%systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842 [Random Folder]
-%systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842\2BcT333842 [Random File]
-%systemdrive%\Documents and Settings\All Users\Application Data\2BcT333842\2BcT333842.exe [Random Files]
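
A read-only PowerShell check for the registry entries and file layout listed above. It is an added example, not part of the original write-up. The match on Run values that start an .exe from an Application Data or AppData directory, and the use of `$env:ALLUSERSPROFILE` for the all-users folder, are assumptions, so every hit is a candidate for review rather than a confirmed detection.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
$findings = @()

# 1. Product key and shortcuts, named literally on the page.
$literal = @(
    'HKCU:\Software\System Tool 2011',
    (Join-Path $env:USERPROFILE 'Desktop\System Tool 2011.lnk'),
    (Join-Path $env:USERPROFILE 'Start Menu\Programs\System Tool 2011.lnk')
)
foreach ($p in $literal) {
    if (Test-Path -LiteralPath $p) { $findings += "Present: $p" }
}

# 2. Run values: the names are random, so match on the data instead.
#    Assumed heuristic: an .exe started from Application Data / AppData.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $key = Get-Item -LiteralPath $k
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match '\\(Application Data|AppData)\\.*\.exe') {
            $findings += "Run value to review: $k '$name' = $data"
        }
    }
}

# 3. Dropped layout: <dir>\<name>.bat + .cfg + .exe under %AppData%,
#    or <dir>\<dir>.exe under the all-users data folder (XP-era path, assumed).
$allUsers = Join-Path $env:ALLUSERSPROFILE 'Application Data'
foreach ($root in @($env:APPDATA, $allUsers)) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
    $dirs = Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer }
    foreach ($dir in $dirs) {
        $exes = Get-ChildItem -LiteralPath $dir.FullName -Filter *.exe -ErrorAction SilentlyContinue
        foreach ($exe in $exes) {
            $base = Join-Path $dir.FullName $exe.BaseName
            $trio = (Test-Path -LiteralPath "$base.bat") -and (Test-Path -LiteralPath "$base.cfg")
            $sameName = ($root -eq $allUsers) -and ($exe.BaseName -eq $dir.Name)
            if ($trio -or $sameName) { $findings += "Folder to review: $($exe.FullName)" }
        }
    }
}

if ($findings) { $findings } else { 'No listed artifacts found.' }
```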