Interesting malware
Here is some info I got from the exe:
a.ip-163.com DNS_TYPE_A 174.139.61.74
What it does:
Write to foreign memory areas: This executable tampers with the execution of another process.
Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
Start/Install windows service: This executable starts a windows service. Services have the highest level of privilege in Windows, and are thus useful for a number of malicious purposes.
Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions to be performed automatically.
Creates files in the Windows system directory: Malware often keeps copies of itself in the Windows directory to stay undetected by users.
Execution did not terminate correctly: The executable crashed.
Modify system files: This executable modifies files in the windows system directories.
Spawns Processes: The executable produces processes during the execution.
Performs Registry Activities: The executable creates and/or modifies registry entries.
Exe file, if someone wants to search inside
Hosting info:
http://whois.domaintools.com/174.139.61.74