Additional Details
Upon execution, this malware creates a copy of itself at the following location:
• %windir%\system\internat.exe
It then creates a BAT file that will be used to delete the original file executed by user.
It will then create the following processes:
• %windir%\system\internat.exe
• %programfiles%\Internet Explorer\IEXPLORE.EXE
The file called internat.exe is the malware's own process.
It attempts to download additional files from the following URLs:
• http://www.smsunionmm.com/107/tj.htm
• http://www.smsunionmm.com/107/tj10.htm
Note: The URLs were offline during our period of investigation.