FeaR server
(Not detected by AVP in August 2004)

by SNiPER

Written in Visual Basic, compressed with UPX

Released in August 2004

Made in Germany

Server:
dropped files:
c:\WINDOWS\ijl10.dll           size: 52.224 bytes 
c:\WINDOWS\wintmp32.tmp.exe    size: 143.359 bytes 
c:\WINDOWS\XSBind.exe          size: 0 bytes 

port: 5231, 5232, 5233, 5234 TCP

added to registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
data: 1 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinLogonApplication32"
data: C:\WINDOWS\WINTMP32.TMP.exe 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "WinLogonApplication32"
data: C:\WINDOWS\WINTMP32.TMP.exe 

MegaSecurity