Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'GoGo.vbe' = '"%APPDATA%\GoGo.vbe"'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'GoGo.vbe' = '"%APPDATA%\GoGo.vbe"'
Creates or modifies the following files
- %APPDATA%\microsoft\windows\start menu\programs\startup\gogo.vbe
Creates the following files on removable media
- <Drive name for removable media>:\gogo.vbe
- <Drive name for removable media>:\skypesetup.exe.lnk
- <Drive name for removable media>:\utorrent.exe.lnk
- <Drive name for removable media>:\aoc_saq_d_v3_merchant.docx.lnk
- <Drive name for removable media>:\glidescope_review_rev_010.docx.lnk
- <Drive name for removable media>:\file_p_00000000_1371597592.docx.lnk
- <Drive name for removable media>:\thlps_keeper_mayer_1965.docx.lnk
- <Drive name for removable media>:\sdszfo.docx.lnk
- <Drive name for removable media>:\february_catalogue__2015.doc.lnk
- <Drive name for removable media>:\508softwareandos.doc.lnk
- <Drive name for removable media>:\testcertificate.cer.lnk
- <Drive name for removable media>:\contoso.cer.lnk
- <Drive name for removable media>:\testee.cer.lnk
- <Drive name for removable media>:\sdkfailsafeemulator.cer.lnk
- <Drive name for removable media>:\contosoroot_1.cer.lnk
- <Drive name for removable media>:\dashborder_192.bmp.lnk
- <Drive name for removable media>:\dashborder_120.bmp.lnk
- <Drive name for removable media>:\dashborder_144.bmp.lnk
- <Drive name for removable media>:\dial.bmp.lnk
- <Drive name for removable media>:\default.bmp.lnk
- <Drive name for removable media>:\calc.exe.lnk
- <Drive name for removable media>:\videos.lnk
Modifies file system
Creates the following files
- %APPDATA%\gogo.vbe
Network activity
Connects to
- 'ag###.wikaba.com':1010
UDP
- DNS ASK ag###.wikaba.com
