Beast 2.06
(Backdoor.Win32.Beastdoor.205)
(Backdoor.Win32.Beastdoor.p)

by Tataye

Written in Delphi

Released in February 2004

Made in Rumania


New features:
   - the servers are working with restricted users on NT (XP)
   - NT Services Manager
   - chat :P
   - delay execution (at a specific date or after reboots)
   - ICQ2003b password support
   - system time management

Improvements:
   - server is packable/unpackable :P
   - configurable SIN timeout
   - support for DWORD values in the Registry Manager
   - better CGI & Email notifications
   - ICQ, CGI & Email notifications are working with SIN
   - better DialUp password retrieval
   - more reliable transfers
   - better reverse connection
   - view/change folder attributes (FileManager)
   - 2 modes (hidden or visible) for running files (FileManager)
   - etc.

Fixes:
   - no more error messages with SIN and on slow connections
   - GUI related 
   - etc.

Important:
   - with Beast 2.06 you can connect to 2.05 servers, but not all the functions will work properly
   - only 1 Beast server is allowed on a machine, no matter what version
 
Tataye   


Client:
registry added:
HKEY_CLASSES_ROOT\.bad 
HKEY_CLASSES_ROOT\.bst 
HKEY_CLASSES_ROOT\BeastFile 
HKEY_CLASSES_ROOT\BeastFile\DefaultIcon 
HKEY_CLASSES_ROOT\BeastFile\shell 
HKEY_CLASSES_ROOT\BeastFile\shell\open 
HKEY_CLASSES_ROOT\BeastFile\shell\open\command 
HKEY_CLASSES_ROOT\BeastFile1 
HKEY_CLASSES_ROOT\BeastFile1\DefaultIcon 
HKEY_CLASSES_ROOT\BeastFile1\shell 
HKEY_CLASSES_ROOT\BeastFile1\shell\open 
HKEY_CLASSES_ROOT\BeastFile1\shell\open\command 



Server:
dropped files:
c:\WINDOWS\svchost.exe 
c:\WINDOWS\COMMAND\mslowb.com 
c:\WINDOWS\SYSTEM\mswmcw.com 

size: 30.805 bytes
 
port: 6666 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "COM Service" 
data: C:\WINDOWS\COMMAND\mslowb.com 
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D} "StubPath" 
data: C:\WINDOWS\SYSTEM\mswmcw.com 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "COM Service" 
data: C:\WINDOWS\COMMAND\mslowb.com 

dropped files:
c:\WINDOWS\svchost.exe 
c:\WINDOWS\COMMAND\mslowb.com 
c:\WINDOWS\SYSTEM\mslg.blf 
c:\WINDOWS\SYSTEM\mswmcw.com 


MegaSecurity