Infection
infects files by prepending its virus code to executable files
다수의 EXE 실행 파일 변조 (Modifiy)
Communication
infects files by prepending its virus code to executable files
Indicator of Compromise
1. C:\WINDOWS\svchost.com
2. HKLM\SOFTWARE\Classes\exefile\shell\open\command\: "C:\WINDOWS\svchost.com
3. MutexObject Name: MutexPolesskayaGlush
Reference : http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Virus:Win32/Neshta.A#tab=2