by Danil
Compressed with ASPack
Made in Ukrainia
Server:
dropped files:
c:\WINDOWS\system32\dtrV.dat size: 45 bytes
c:\WINDOWS\system32\DtrVk.dll size: 5.120 bytes
c:\WINDOWS\system32\nbsystem.dll size: 3.072 bytes
c:\WINDOWS\system32\NBSYSTEM.EXE size: 41.984 bytes
port: 10001 TCP
added to registry:
HKEY_CLASSES_ROOT\CLSID\{0F0D027B-B640-4C21-A938-5819495CE53A}\InProcServer32 "(Default)"
data: nbsystem.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "NBSYSTEM"
data: {0F0D027B-B640-4C21-A938-5819495CE53A}
tested on Windows XP
November 19, 2004
MegaSecurity