Beast 1.7 final (1)
(Backdoor.Win32.BeastDoor.17 for 3 dropped files)

by Tataye

See Ulysses

Written in Delphi, compressed with ASPack

Released in October 2002

Made in Rumania

more versions 




dropped files:
c:\WINNT\Help\msserv.chm     size: 176.161 bytes   (Backdoor.BeastDoor.17)
c:\WINNT\system32\kb.tlg     size: 348 bytes 
c:\WINNT\system32\mshost.exe size: 176.161 bytes   (Backdoor.BeastDoor.17)
c:\WINNT\system32\nipaa.exe  size: 167.439 bytes   (Backdoor.BeastDoor.17)

port: 666 TCP

added to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_DriveFlags
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_GFA
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_GVI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NIPADAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIPAdAn\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIPAdAn\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NIPADAN\0000\Control
HHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIPAdAn\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIPAdAn\Security 

tested on Win2000
MegaSecurity