While other parts of DuQu are written in the C++ programming language and are compiled with Microsoft’s Visual C++ 2008, this part is not, according to Alexander Gostev, chief security expert at Kaspersky Lab. Gostev and his team have also determined that it’s not Objective C, Java, Python, Ada, Lua or many other languages they know.
The module is an important part of DuQu’s payload — which is the part of DuQu that performs malicious functions once it’s on an infected machine. The module allows DuQu’s DLL file to operate completely independent of other DuQu modules. It also takes data stolen from infected machines and transmits it to command-and-control servers and has the ability to distribute additional malicious payloads to other machines on a network, in order to spread the infection.