Tuesday, July 5, 2016

Quick Post - DNS changer VBS

This sample was shared by a user on Twitter - Malwr link

On decoding, the script looks like this:

The decoded script first performs a UAC elevation and then proceeds to download the malware. Before downloading the malware, the script changes the DNS entries of the local machine by calling "SetDNSServerSearchOrder" on each and every network adapter - Interesting!
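One defensive check for the behaviour described above, added here as an example and not code from the post or the sample: a PowerShell audit of the DNS search order on every IP-enabled adapter (the WMI class whose SetDNSServerSearchOrder method the script calls is Win32_NetworkAdapterConfiguration), with an optional reset to a known-good resolver list. The approved resolver addresses are constructed placeholders.

```powershell
# Added example (not from the original post): list every IP-enabled adapter
# whose DNS search order contains a resolver outside an approved set, which is
# exactly the setting a DNS changer overwrites via SetDNSServerSearchOrder.
$ApprovedDns = @('10.0.0.53', '10.0.1.53')   # constructed placeholder values

function Get-DnsSearchOrderDeviations {
    param(
        [string[]]$Approved = $ApprovedDns,
        [switch]$Remediate   # when set, push the approved list back onto the adapter
    )
    # Win32_NetworkAdapterConfiguration exposes DNSServerSearchOrder (read) and
    # the SetDNSServerSearchOrder method (write) that the VBS sample invokes.
    $adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
                                -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        $servers    = @($a.DNSServerSearchOrder)
        $unexpected = @($servers | Where-Object { $_ -and ($Approved -notcontains $_) })
        if ($unexpected.Count -eq 0) { continue }

        $result = [pscustomobject]@{
            Adapter     = $a.Description
            Index       = $a.InterfaceIndex
            DhcpEnabled = $a.DHCPEnabled
            DnsServers  = ($servers -join ', ')
            Unexpected  = ($unexpected -join ', ')
            Remediated  = $false
        }

        if ($Remediate) {
            # Same WMI method the changer uses, now called to restore the approved list.
            $r = Invoke-CimMethod -InputObject $a -MethodName SetDNSServerSearchOrder `
                                  -Arguments @{ DNSServerSearchOrder = $Approved }
            $result.Remediated = ($r.ReturnValue -eq 0)
        }
        $result
    }
}

# Audit only; add -Remediate (run elevated) to restore the approved resolvers.
Get-DnsSearchOrderDeviations | Format-Table -AutoSize
```

An empty result means every adapter resolves through approved servers; a non-empty one is worth correlating with recent script-host (wscript/cscript) executions on that machine.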

Whois information about the host from "whoisdomaintools.com".

