BadrSocket 3.7
(Not detected by KAV on December 20, 2006)

by B@dr007

Released in November 2006

Made in France

Server: 
dropped files:
c:\system.exe    Size: 30,403 bytes 
c:\Documents and Settings\%user%\Local Settings\Temp\IXP001.TMP\loost.EXE    Size: 112,640 bytes 
c:\Documents and Settings\%user%\Local Settings\Temp\IXP001.TMP\vook.exe     Size: 30,403 bytes 

port: 3500 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "wextract_cleanup1"
data: rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\%user%\LOCALS~1\Temp\IXP001.TMP\" 



tested on Windows XP
December 20, 2006

MegaSecurity