Technical Information
To ensure autorun and distribution
Sets the following service settings
- [<HKLM>\System\CurrentControlSet\Services\dfmirage] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\dfmirage] 'ImagePath' = 'system32\DRIVERS\dfmirage.sys'
Creates the following services
- 'dfmirage' system32\DRIVERS\dfmirage.sys
Modifies file system
Creates the following files
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\feedback.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoasclient.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoasclient.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\viewerlib.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\viewerlib.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoavc.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoavc.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sx5363.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sx5363.ini
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sx5363s.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sx5363s.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\jpeglib.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\jpeglib.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\cliphelper.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\105\x86\dfmirage.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\105\x86\dfmirage.sys
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\cliphelper.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sas.zip
- <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\oem2.cat
- %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\set8519.tmp
- %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\set8400.tmp
- %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\x64\set8279.tmp
- %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\x64\set8120.tmp
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\mirrinst32.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\uichat.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\mobileftclient.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\mobileftclient.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\setup_krp.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\setup_krp.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\krpproc.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\krpproc.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sas.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\105\x64\dfmirage.sys
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\105\x64\dfmirage.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\105\dfmirage.inf
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\hostlib1.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\hostlib1.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\hostlib2.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\hostlib2.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftserver.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftserver.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftclient.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftclient.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinohost.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinohost.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinossserver.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinossserver.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\psapi.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\psapi.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\feedback.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftserverdll.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\105\dfmirage.cat
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftserverdll.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftclientdll.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftclientdll.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\kassvcmgr.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\kassvcmgr.exe
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\uichat.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\install.cmd
- %WINDIR%\inf\oem2.pnf
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\uninstall.cmd
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\068\dfmirage.cat
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\068\dfmirage.dll
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\068\dfmirage.inf
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\068\dfmirage.sys
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\mirrinst64.exe
- %WINDIR%\temp\udd1f.tmp
Sets the 'hidden' attribute to the following files
- <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\oem2.cat
Deletes the following files
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\feedback.zip
- %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\x64\dfmirage.dll
- %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\dfmirage.inf
- %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\dfmirage.cat
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\uichat.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\mobileftclient.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\setup_krp.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\krpproc.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sas.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\cliphelper.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\jpeglib.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sx5363s.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\sx5363.zip
- %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\x64\dfmirage.sys
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoavc.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoasclient.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\kassvcmgr.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftclientdll.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftserverdll.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\psapi.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinossserver.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinohost.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftclient.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\koinoftserver.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\hostlib2.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\hostlib1.zip
- C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\viewerlib.zip
- %WINDIR%\temp\udd1f.tmp
Moves the following files
- from %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\x64\set8120.tmp to %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\x64\dfmirage.dll
- from %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\x64\set8279.tmp to %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\x64\dfmirage.sys
- from %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\set8400.tmp to %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\dfmirage.cat
- from %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\set8519.tmp to %TEMP%\{7205a089-0efa-7cc1-c09d-6d499b50a820}\dfmirage.inf
Modifies the following files
Network activity
Connects to
- '73#.co.kr':443
- 'microsoft.com':80
- '73#.co.kr':80
TCP
HTTP GET requests
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://73#.co.kr/download/customer/program_en/2.0.9.7//setup_krp.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//krpproc.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//Sas.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//ClipHelper.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//JPEGLib.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//SX5363S.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//Sx5363.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KoinoAVC.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//ViewerLib.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KoinoASClient.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//RACE.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//MobileFTClient.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KASSvcMgr.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KoinoFTServerDLL.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//PSAPI.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KoinoSSServer.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KoinoHost.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KoinoFTClient.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KoinoFTServer.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//HostLib2.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//HostLib1.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//feedback.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7/filelist.txt
- http://73#.co.kr/download/customer/program_en/version.html
- http://73#.co.kr/download/customer/program_en/2.0.9.7//KoinoFTClientDLL.zip
- http://73#.co.kr/download/customer/program_en/2.0.9.7//UIChat.zip
Other
- '73#.co.kr':443
UDP
- DNS ASK 73#.co.kr
- DNS ASK microsoft.com
Miscellaneous
Creates and executes the following
- 'C:\users\public\documents\koino\manuallauncher\anysupport\manual_host_en\race\mirrinst64.exe' -i "dfmirage" "Mirage Driver" "C:\Users\Public\Documents\Koino\ManualLauncher\AnySupport\MANUAL_HOST_EN\RACE\105\" "C:\Users\Public\Documents\Koino\ManualLauncher\AnySupport\MANUAL_HOST_EN\RACE...
- '%WINDIR%\syswow64\cmd.exe' /C "C:\Users\Public\Documents\Koino\ManualLauncher\AnySupport\MANUAL_HOST_EN\RACE\Install.cmd"' (with hidden window)
Executes the following
- '%WINDIR%\syswow64\cmd.exe' /C "C:\Users\Public\Documents\Koino\ManualLauncher\AnySupport\MANUAL_HOST_EN\RACE\Install.cmd"
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" ver "
- '%WINDIR%\syswow64\find.exe' "5.0"
- '%WINDIR%\syswow64\find.exe' "5.1"
