by Xiao5
Written in Visual Basic, compressed with ASPack
Made in China
Dropped Files:
c:\WINDOWS\system32\Exp1orer.exe size: 65,024 bytes
c:\WINDOWS\system32\Internet.exe size: 65,024 bytes
c:\WINDOWS\system32\N0TEPAD.exe size: 65,024 bytes
c:\WINDOWS\system32\SystemTray.exe size: 65,024 bytes
c:\WINDOWS\system32\W1dap32.dll size: 109,248 bytes
port: 7744 TCP
added to registry:
HKEY_CLASSES_ROOT\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %*
new data: "C:\WINDOWS\System32\Exp1orer.exe" %1 %*
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: %SystemRoot%\system32\NOTEPAD.EXE %1
new data: "C:\WINDOWS\System32\N0TEPAD.exe" %1
tested on Windows XP
March23, 2005
MegaSecurity