Technical Information
Modifies file system
Creates the following files
- %TEMP%\pb-12.exe
- %TEMP%\ad1.exe
- %TEMP%\irisskin.dll
- %TEMP%\irisskin2.dll
- %TEMP%\little.ssk
Network activity
TCP
HTTP GET requests
- http://pr####.blogspot.com/
- http://s1#.#istats.com/js15.js
- http://4.##.#logspot.com/-P8hlWgIXh0U/VWGY0qd-enI/AAAAAAAABNE/0Zo_S5P4FPg/s250-h200-c/11109313_1436599799979846_1570874386345974726_o.jpg
- http://3.##.#logspot.com/-baeElH1_ifc/VXhT_t6M-1I/AAAAAAAABSw/eugVtRNEeF8/s250-h200-c/11110561_898698990173872_4240845750773592757_o.jpg
- http://3.##.#logspot.com/-3Qs2TMXWlXw/VYRkMVCAd7I/AAAAAAAABTE/b-raC9Dbg40/s250-h200-c/Untitled.jpg
- http://1.##.#logspot.com/-x5t2_Ly4H5k/VZdj-ahZ5vI/AAAAAAAABUg/Y0DvZ9zCD78/s250-h200-c/Untitled.png
- http://3.##.#logspot.com/-oZZ9XJaPpeM/VZeo4m5dnNI/AAAAAAAABUw/NE6axt7uBjM/s250-h200-c/Untitled.png
- http://1.##.#logspot.com/-IZ48Zqj1Ezs/Vafr66Yj8AI/AAAAAAAABVc/zpDKi2WZazs/s250-h200-c/Untitled.jpg
- http://2.##.#logspot.com/-eahJX2qYh1U/Vb9_g1bVbbI/AAAAAAAABWM/haDuN109HrU/s250-h200-c/Untitled.png
- http://3.##.#logspot.com/-QEk2H1nw2us/VgACWEktTqI/AAAAAAAABXM/XIB0LeLcyy4/s250-h200-c/Untitled.png
- http://2.##.#logspot.com/-Yv0jr8qIfz0/VjuGYEhcAMI/AAAAAAAABXk/H9f0iQjHwYQ/s250-h200-c/Untitled.png
- http://ba###r.bumq.com/system/html/0/ad_media_728x90.png
- http://4.##.#logspot.com/-Vm9atP4khTU/UmuGoa78YmI/AAAAAAAAKsk/GD7UEvE9wbI/s110-h85-c/1.jpg
- http://ba###r.bumq.com/system/html/0/ad_media_300x250.png
- http://pr#####9.blogspot.com/feeds/posts/default/-/Dragon?pu########################################################################
- http://s4.##stats.com/stats/0.php?16#############################################################################################################################################################...
- http://1.##.#logspot.com/-IZ48Zqj1Ezs/Vafr66Yj8AI/AAAAAAAABVc/zpDKi2WZazs/s110-h85-c/Untitled.jpg
- http://2.##.#logspot.com/-eahJX2qYh1U/Vb9_g1bVbbI/AAAAAAAABWM/haDuN109HrU/s110-h85-c/Untitled.png
- http://3.##.#logspot.com/-QEk2H1nw2us/VgACWEktTqI/AAAAAAAABXM/XIB0LeLcyy4/s110-h85-c/Untitled.png
- http://2.##.#logspot.com/-Yv0jr8qIfz0/VjuGYEhcAMI/AAAAAAAABXk/H9f0iQjHwYQ/s110-h85-c/Untitled.png
- http://pr#####9.blogspot.com/feeds/posts/default/-/HON?pu########################################################################
- http://s1#.#istats.com/js15_as.js
- http://ba###r.bumq.com/system/html/0/ad_media_728x90.html
- http://ad####umq.bumq.com/transparent.gif
- http://ba####-b9.bumq.com/system/html/larrr/1/ad_vdo_300x250.mp4
- http://3.##.#logspot.com/-gpi0Xyo3A0o/VGjRla3pd0I/AAAAAAAAA8Y/pulYhyVcflk/s110-h85-c/897.png
- http://s1#.#istats.com/counters/cc_511.js
- http://www.go#####analytics.com/analytics.js
- http://2.##.#logspot.com/-tp_G6fLo_Ks/VIeS8QeGx6I/AAAAAAAAA_U/mNMohG0wrEk/s1600/77.png
- http://www.go#####analytics.com/r/collect?v=#####################################################################################################################################################...
- http://4.##.#logspot.com/-MyefahGLuD8/VCaIwsZqOhI/AAAAAAAAAx0/1u8QYdgWZRo/s1600/Untitled.png
- http://2.##.#logspot.com/-_m7r9Seni0I/VG42nQ8dreI/AAAAAAAAA9k/nP4_oHDEjBM/s1600/77-pro.jpg
- http://pr####.blogspot.com/feeds/posts/summary?al#########################################################
- http://4.##.#logspot.com/-FVK7Hj6gtuU/VD3sdpK9heI/AAAAAAAAA2Q/q8CTO0rnB6c/s1600/66666.png
- http://www.pi##ee.com/images/2013/12/22/ss8k50Y.png
- http://tr####r.bumq.com/_tracker.php?PN####################################################################################################################################################
- http://1.##.#logspot.com/-ezZ8pkSAmps/VDoKTsFrPLI/AAAAAAAAA1M/yvdAY42DxGQ/s1600/Untitled.png
- http://3.##.#logspot.com/-IvOw4ZRhcn4/VKWB-XkcutI/AAAAAAAABA4/XKltu-AVrEI/s1600/000000000000000.jpg
- http://4.##.#logspot.com/-PE4DGGi62Rc/UAV05DVyMbI/AAAAAAAAHrQ/acf9emv3Od4/s1600/bar-bg2.png
- http://1.##.#logspot.com/-jxemfWZZ39E/T_65sv622uI/AAAAAAAAHfQ/vaP9YXA0P5w/s1600/main-shadow.png
- http://1.##.#logspot.com/-sv3VBy8Tch0/T6UzB3zDYMI/AAAAAAAAA-Y/dVtCsOgvB_o/s1600/search_button.png
- http://4.##.#logspot.com/-OJVzg33wOVw/UAgpbr2g9II/AAAAAAAAHw8/maqEyMYy6NM/s1600/nav-bg.png
- http://www.fa###ook.com/plugins/like.php?hr##############################################################################################################################################
- http://www.pi##ee.com/images/2014/05/12/UntitledrFCjz.png
- http://1.##.#logspot.com/-cydjTUmm9Bg/T8y2rWHrMKI/AAAAAAAAGmU/EFEdYGPreTU/s1600/body-bg1.png
- http://co###ten.com/apu.php?zo##########
- http://im#.#dyim.com/ac/?Vm######################################################################################################################################################################...
- http://go.##clasrv.com/apu.php?zo##########
- http://s4.##stats.com/stats/e.php?16####################
- http://fo###.gstatic.com/s/ptsansnarrow/v11/BngRUXNadjH0qYEzV7ab-oWlsbCGwRk.eot
- http://fo###.gstatic.com/s/oswald/v31/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYQ.eot
- http://st####.stats.in.th/stat.gif
- http://tr####r.stats.in.th/counter.php?re########################################################################################################################################################...
- http://pr#####9.blogspot.com/feeds/posts/summary?ma#######################################################
- http://st####.stats.in.th/tracker.js
- http://2.##.#logspot.com/-1XYmjvL6hzI/VGjRXxcrTOI/AAAAAAAAA8Q/1uW2f0HIzus/s110-h85-c/999999999.png
- http://s4.##stats.com/stats/0.php?24#############################################################################################################################################################...
- http://1.##.#logspot.com/-YgkX664irQU/VGjRAtMcv5I/AAAAAAAAA8I/VqNjWSUGLgg/s110-h85-c/11112366LlcK.png
- http://3.##.#logspot.com/-oZZ9XJaPpeM/VZeo4m5dnNI/AAAAAAAABUw/NE6axt7uBjM/w72-h72-p-k-no-nu/Untitled.png
- http://3.##.#logspot.com/-3Qs2TMXWlXw/VYRkMVCAd7I/AAAAAAAABTE/b-raC9Dbg40/s320/Untitled.jpg
- http://2.##.#logspot.com/-Yv0jr8qIfz0/VjuGYEhcAMI/AAAAAAAABXk/H9f0iQjHwYQ/w72-h72-p-k-no-nu/Untitled.png
- http://2.##.#logspot.com/-eahJX2qYh1U/Vb9_g1bVbbI/AAAAAAAABWM/haDuN109HrU/s320/Untitled.png
- http://2.##.#logspot.com/-Yv0jr8qIfz0/VjuGYEhcAMI/AAAAAAAABXk/H9f0iQjHwYQ/s1600/Untitled.png
- http://ba###r.bumq.com/affiliate/468x60_1.gif
- http://4.##.#logspot.com/-P8hlWgIXh0U/VWGY0qd-enI/AAAAAAAABNE/0Zo_S5P4FPg/w72-h72-p-k-no-nu/11109313_1436599799979846_1570874386345974726_o.jpg
- http://4.##.#logspot.com/-P8hlWgIXh0U/VWGY0qd-enI/AAAAAAAABNE/0Zo_S5P4FPg/s400/11109313_1436599799979846_1570874386345974726_o.jpg
- http://1.##.#logspot.com/-pwNwwxam5Us/VD3mmoPTV9I/AAAAAAAAA14/kfXVvo4kg8g/w72-h72-p-k-no-nu/SSFFFSSSDD.png
- http://1.##.#logspot.com/-x5t2_Ly4H5k/VZdj-ahZ5vI/AAAAAAAABUg/Y0DvZ9zCD78/s320/Untitled.png
- http://1.##.#logspot.com/-IZ48Zqj1Ezs/Vafr66Yj8AI/AAAAAAAABVc/zpDKi2WZazs/s320/Untitled.jpg
- http://www.bl##ger.com/img/icon18_edit_allbkg.gif
- http://pr#####9.blogspot.com/favicon.ico
- http://ad#.##dservice.com/t?id#################################################
- http://ad#.#umq.com/ad_show2.js
- http://ht######v.googlecode.com/svn/trunk/html5.js
- http://tr####r.stats.in.th/tracker.php?si#######
- http://aj##.#oogleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js
- http://aj##.#oogleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
- http://ma####.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
- http://fo###.#oogleapis.com/css?fa###############################################################################################################################################################...
- http://pr#####9.blogspot.com/js/cookienotice.js
- http://aj##.#oogleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
- http://fo###.#oogleapis.com/css?fa###################
- http://fo###.#oogleapis.com/css?fa###########
- http://pr#####9.blogspot.com/
- http://3.##.#logspot.com/-baeElH1_ifc/VXhT_t6M-1I/AAAAAAAABSw/eugVtRNEeF8/s640/11110561_898698990173872_4240845750773592757_o.jpg
- http://3.##.#logspot.com/-QEk2H1nw2us/VgACWEktTqI/AAAAAAAABXM/XIB0LeLcyy4/s400/Untitled.png
- http://1.##.#logspot.com/-hCBYeS7KW0M/U9xS7NsjQ0I/AAAAAAAAAsE/JtIYp5MkDdA/s110-h85-c/Untitled.png
- http://3.##.#logspot.com/-oZZ9XJaPpeM/VZeo4m5dnNI/AAAAAAAABUw/NE6axt7uBjM/s1600/Untitled.png
- http://4.##.#logspot.com/-NCes0ZDDJx4/U92-mfJY5gI/AAAAAAAAAsU/hk8gML9JB08/s110-h85-c/Untitled.png
- http://3.##.#logspot.com/-iavNJkvxXK0/VH7eXrEsiHI/AAAAAAAAA-k/36s2AT8I_k4/s110-h85-c/XS.jpg
- http://ba###r.bumq.com/system/html/0/ad_media_300x250.html
- http://pr#####9.blogspot.com/feeds/posts/default/-/XSHOT?pu########################################################################
- http://www.sp###mag100.com/photos/products/photos/mag_17jan13135230.jpg
- http://sh##.bumq.com/ad_show3.php?PN#############################################################################################################################################################...
- http://www.fa###ook.com/plugins/likebox.php?hr###################################################################################################################################################...
- http://www.fa###ook.com/LittleProTH
- http://fo###.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhv.woff
- http://fo###.gstatic.com/s/nunito/v12/XRXV3I6Li01BKofINeaH.woff
- http://fo###.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhv.woff
- http://fo###.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0d.woff
- http://cs#####or.a.cdnify.io/wp-content/themes/official/images/arrow_totop.png
- http://4.##.#logspot.com/-itrO4nBahsw/VDoJgbr57kI/AAAAAAAAA1E/QCaN5Y4jGOE/s110-h85-c/Untitled.png
- http://1.##.#logspot.com/-pwNwwxam5Us/VD3mmoPTV9I/AAAAAAAAA14/kfXVvo4kg8g/s110-h85-c/SSFFFSSSDD.png
- http://4.##.#logspot.com/-uaT3X4pvDu4/VFdKLqimZnI/AAAAAAAAA30/NGal1002hDU/s110-h85-c/Untitled.png
- http://1.##.#logspot.com/-C4zuVXQ60ZY/VG4z7wSD1_I/AAAAAAAAA9Y/_A9EvKyXTDg/s110-h85-c/999.png
- http://pr#####9.blogspot.com/feeds/posts/default/-/Special%20Force?pu########################################################################
- http://3.##.#logspot.com/-voFNGeEya-E/VSIRovjzfxI/AAAAAAAABJ8/WYdu1Fpe604/s110-h85-c/001.jpg
- http://4.##.#logspot.com/-P8hlWgIXh0U/VWGY0qd-enI/AAAAAAAABNE/0Zo_S5P4FPg/s110-h85-c/11109313_1436599799979846_1570874386345974726_o.jpg
- http://3.##.#logspot.com/-oZZ9XJaPpeM/VZeo4m5dnNI/AAAAAAAABUw/NE6axt7uBjM/s110-h85-c/Untitled.png
- http://tr####r.bumq.com/_tracker.php?PN######################################################################################################################################################
- http://co#####.facebook.net/en_US/all.js
- http://pr#####9.blogspot.com/feeds/posts/default/-/Point%20Blank?pu########################################################################
- http://3.##.#logspot.com/-voFNGeEya-E/VSIRovjzfxI/AAAAAAAABJ8/WYdu1Fpe604/w72-h72-p-k-no-nu/001.jpg
- http://1.##.#logspot.com/-SAaVA4rdDqc/VGjQltSIgpI/AAAAAAAAA8A/wC1sE-k6Gk0/s110-h85-c/UntitledjOCLZ.png
- http://3.##.#logspot.com/-ee8ENq4Ne_s/VEtWOZz7ZpI/AAAAAAAAA3M/k6kVQqdSoWg/s1600/9900.jpg
UDP
- DNS ASK pr####.blogspot.com
- DNS ASK cs#####or.a.cdnify.io
- DNS ASK sp###mag100.com
- DNS ASK fo###.gstatic.com
- DNS ASK fa###ook.com
- DNS ASK ba####-b9.bumq.com
- DNS ASK ad####umq.bumq.com
- DNS ASK s1#.#istats.com
- DNS ASK bi##.bumq.com
- DNS ASK st####.xx.fbcdn.net
- DNS ASK s4.##stats.com
- DNS ASK fb##n.net
- DNS ASK fb##x.com
- DNS ASK go#####analytics.com
- DNS ASK st####.stats.in.th
- DNS ASK pi###.facebook.com
- DNS ASK im#.#dyim.com
- DNS ASK go.##clasrv.com
- DNS ASK sh##.bumq.com
- DNS ASK co###ten.com
- DNS ASK tr####r.bumq.com
- DNS ASK 3.##.#logspot.com
- DNS ASK bl##ger.com
- DNS ASK fo###.#oogleapis.com
- DNS ASK pr#####9.blogspot.com
- DNS ASK aj##.#oogleapis.com
- DNS ASK google.com
- DNS ASK go###edrive.com
- DNS ASK ma####.bootstrapcdn.com
- DNS ASK ht######v.googlecode.com
- DNS ASK ad#.#umq.com
- DNS ASK ad#.##dservice.com
- DNS ASK tr####r.stats.in.th
- DNS ASK 1.##.#logspot.com
- DNS ASK lh#.####leusercontent.com
- DNS ASK 4.##.#logspot.com
- DNS ASK ba###r.bumq.com
- DNS ASK re#####es.blogblog.com
- DNS ASK 2.##.#logspot.com
- DNS ASK co#####.facebook.net
- DNS ASK pi##ee.com
Miscellaneous
Searches for the following windows
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
Creates and executes the following
- '%TEMP%\pb-12.exe'
- '%TEMP%\ad1.exe'
Executes the following
- '%ProgramFiles%\mozilla firefox\firefox.exe' -osint -url "http://pr#####9.blogspot.com/"
- '%ProgramFiles%\mozilla firefox\firefox.exe' -osint -url "http://www.fa###ook.com/LittleProTH"
