Once installed, the security risk creates the following folder and files:
- %ProgramFiles%\e-jihad3
- %ProgramFiles%\e-jihad3\e-Jihad.exe (detected as Hacktool.Dahij)
- %ProgramFiles%\e-jihad3\MSWINSCK.OCX (clean library file)
- %ProgramFiles%\e-jihad3\unins000.dat (clean data file)
- %ProgramFiles%\e-jihad3\unins000.exe (clean uninstaller)
The security risk adds uninstall information to the compromised computer and makes additions to its Start Menu.
The security risk communicates with the following sites:
- [http://]al-jinan.net/ntar[REMOVED]
- [http://]al-jinan.net/tlog[REMOVED]
- [http://]a1-jinan.net/tnew[REMOVED]
- [http://]arddra.host.sk/ntar[REMOVED]
- [http://]www.jo-uf.net/ntar[REMOVED]
- [http://]www.jofpmuytrvcf.com/ntar[REMOVED]
Note: At the time of writing, the remote locations were unavailable.
If the security risk connects to the remote locations, it may download additional files.
The security risk requires a login to function.
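The sites listed above can be used to search web proxy logs for hosts that ran the tool. The following is an added example, not part of the original write-up: it parses the defanged indicators as printed and matches them by host and path prefix, since the paths are truncated at [REMOVED]. The log format, client addresses and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as listed in the write-up (defanged, paths truncated).
DEFANGED = [
    "[http://]al-jinan.net/ntar[REMOVED]",
    "[http://]al-jinan.net/tlog[REMOVED]",
    "[http://]a1-jinan.net/tnew[REMOVED]",
    "[http://]arddra.host.sk/ntar[REMOVED]",
    "[http://]www.jo-uf.net/ntar[REMOVED]",
    "[http://]www.jofpmuytrvcf.com/ntar[REMOVED]",
]

def parse_indicator(text):
    """Turn '[http://]host/prefix[REMOVED]' into (host, path_prefix)."""
    m = re.fullmatch(r"\[http://\]([^/]+)(/[^\[]*)\[REMOVED\]", text)
    if not m:
        raise ValueError(f"unrecognised indicator: {text!r}")
    return m.group(1).lower(), m.group(2)

INDICATORS = [parse_indicator(t) for t in DEFANGED]

def match_url(url):
    """Return the (host, prefix) indicator a URL matches, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")  # normalise case, root dot
    for ind_host, prefix in INDICATORS:
        if host == ind_host and parts.path.startswith(prefix):
            return ind_host, prefix
    return None

def scan(log_lines):
    """Yield (client, url, indicator) for each log line that hits an indicator."""
    for line in log_lines:
        fields = line.split()
        hit = match_url(fields[3]) if len(fields) >= 4 else None  # skip malformed
        if hit:
            yield fields[1], fields[3], hit

# Constructed sample log, assumed format: "<time> <client> <method> <url> <status>".
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 GET http://al-jinan.net/ntar-example 404",
    "2024-01-01T10:00:02Z 10.0.0.5 GET http://AL-JINAN.NET./tlogX 404",
    "2024-01-01T10:00:05Z 10.0.0.7 GET http://al-jinan.net/index.html 200",
    "truncated line",
]

if __name__ == "__main__":
    for client, url, (host, prefix) in scan(SAMPLE_LOG):
        print(f"{client} requested {url} (matches {host}{prefix}*)")
```

A request to a listed host with a different path, such as the third sample line, is not reported; dropping the prefix check in `match_url` gives a broader host-only match.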