Buschtrommel 1.0
(Backdoor.Win32.Bushtrommel.a)
(Backdoor.Win32.Bushtrommel.b)

by Natok

Written in Delphi

Made in Germany


Buschtrommel can disable or change the settings
of some firewall and antivirus programs.


Server:
dropped file:
C:\WINDOWS\SERVER.EXE 

size: 156 KB

port: 31745 TCP

startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices 

MegaSecurity