Brmoda 1.01
(Backdoor.Win32.Bifrose.qbx for msnmsgrs.exe)
(Constructor.Win32.SlhBack.a for dropped server.exe)
(Trojan-Spy.Win32.Delf.cno for Server.exe)

by ?

Released in March 2008

Made in The Middle East


Client
Dropped Files:
c:\msnmsgrs.exe                   Size: 83,131 bytes 
c:\WINDOWS\system32\server.exe    Size: 35,437 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A9260CCB-B2B6-7B3B-D778-C92DBC5AEE18} "StubPath"
Data: C:\WINDOWS\system32\server.exe 




Server
c:\WINDOWS\csrss.exe      Size: 352,256 bytes 
c:\WINDOWS\winlogs.dll    Size: 168 bytes 

Added to Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "svhost"
Data: C:\WINDOWS\csrss.exe

Tested on Windows XP
April 14, 2008
MegaSecurity