Yulihubot (pp)
Copyright © MegaSecurity
By ?
Informations
| From | China |
| Author | ? |
| Family | Yulihubot |
| Category | Remote Access |
| Version | Yulihubot (pp) |
| Language | Delphi, compressed with UPX |
Additional Information
dropped files:
c:\WINDOWS\system32\iisinfo.exe size: 49.352 bytes
c:\WINDOWS\system32\smtp.dll size: 37.376 bytes
c:\WINDOWS\system32\wupdata.exe size: 49.352 bytes
startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "UpData"
data: C:\WINDOWS\System32\wupdata.exe
HKEY_CLASSES_ROOT\chm.file\shell\open\command "(Default)"
old data: "C:\WINDOWS\hh.exe" %1
new data: C:\WINDOWS\System32\iisinfo.exe "%1"If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.