DTr 1.4.4 (e)

DTr 1.4.4 (e) server
(Backdoor.Win32.DTR.144.e)

by Danil

Compressed with ASPack

Made in Ukrainia


  

Server:
dropped files:
c:\WINDOWS\system32\dtrIV.dat
size: 5 bytes
 
c:\WINDOWS\system32\DtrIVk.dll
size: 5.120 bytes
 
c:\WINDOWS\system32\NBSYSTEM.EXE
size: 38.912 bytes 

port: 10001 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "nbsession"
data: NBSYSTEM.EXE 
	
tested on Windows XP
November 22, 2004

MegaSecurity