When the Trojan is executed, it may create the following files:
The Trojan creates the following mutex so that only one instance of the threat executes on the computer:
For example, the mutex may be named MYSERV354.
The Trojan steals operating system and network adapter information from the compromised computer and sends it to the following domain:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":