by Hardkore Virus Labs - Blood Fest
aka HvL-Rat
Written in Visual Basic
Server:
dropped files:
c:\WINDOWS\SYSTEM\ .exe
size: 424.997 bytes (Backdoor.AcidShiver.504)
c:\WINDOWS\SYSTEM\winmm.exe
size: 50.213 bytes (Not detected by AVP on January 05, 2005)

port: 1091, 1095, 1097, 1098, 1099 TCP

added to registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"(Default)"
data:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
"(Default)"
data:

tested on Windows 98
January 05, 2005
MegaSecurity