CrazzyNet 5.2.1 full

CrazzyNet 5.2 full
(Backdoor.Win32.CrazyNet.51 for client)
(Backdoor.Win32.CrazyNet.375 for server)
(Backdoor.Win32.CrazyNet.52 for install.exe)

by CrAzzyWak

Written in Visual Basic

Released in November 2001

more versions


server:
dropped file:
c:\winstart.bat           size: 27 bytes 
c:\WINDOWS\Registry32.exe size: 108.600 bytes 

port: 17500, 17499 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Reg32"
data: Registry32.exe
 
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: Registry32.exe
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
data: Explorer.exe Registry32.exe 
	
tested on Windows XP

MegaSecurity