Technical Details

This Trojan program has Adware functionality. It is 76800 bytes in size, packed using UPX.

When launching, it copies itself to %WINDIR%\System32 under a random name. It registers this file in the system registry to ensure that the file will be launched each time Windows is rebooted on the victim machine.

It is able to update itself over the Internet.

The Trojan will synchronize itself with the following NTP servers in order to check the time.

It tracks user actions and harvests a range of information.

The program contains the following text strings: