Beast 2.01 (b)

Beast 2.01 (b)
compiled july 02, 2003
(Backdoor.Win32.Beastdoor.201.a for Client)
(Backdoor.Win32.Beastdoor.201.b for Server)

by Tataye

Successor of Ulysses

Written in Delphi

Released in July 2003

Made in Rumania

more versions




Client:
registry keys added:
HKEY_CLASSES_ROOT\.bad 
HKEY_CLASSES_ROOT\.bst 
HKEY_CLASSES_ROOT\BeastFile 
HKEY_CLASSES_ROOT\BeastFile\DefaultIcon 
HKEY_CLASSES_ROOT\BeastFile\shell 
HKEY_CLASSES_ROOT\BeastFile\shell\open 
HKEY_CLASSES_ROOT\BeastFile\shell\open\command 
HKEY_CLASSES_ROOT\BeastFile1 
HKEY_CLASSES_ROOT\BeastFile1\DefaultIcon 
HKEY_CLASSES_ROOT\BeastFile1\shell 
HKEY_CLASSES_ROOT\BeastFile1\shell\open 
HKEY_CLASSES_ROOT\BeastFile1\shell\open\command 



Server:
dropped files:
c:\WINDOWS\SVCHOST.EXE 
c:\WINDOWS\COMMAND\msaria.com 
c:\WINDOWS\SYSTEM\mspfgf.com 

size: 52.224 bytes

port: 6666 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "COM Service" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{44CC0112-AB51-22EF-BA32-20AA12E6115C} "StubPath" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "COM Service" 

added:
c:\WINDOWS\SYSTEM\qmqr.blf 

HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control "LoginSessionDisable"

MegaSecurity