FirstFantasy Beta 1.2
(Trojan-Dropper.Win32.Delf.ame)
(Trojan-PSW.Win32.OnLineGames.lcz for Server)

by Amoeba

Released in December 2007

Made in China

more versions


Server
Dropped Files:
c:\WINDOWS\F_Server.dll    Size: 130,560 bytes 
c:\WINDOWS\F_Server.exe    Size: 85,504 bytes  

Added to Registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FIRSTFANTASY_SERVICE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FirstFantasy_Service\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FirstFantasy_Service\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FIRSTFANTASY_SERVICE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FirstFantasy_Service\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FirstFantasy_Service\Security




Tested on Windows XP
December 29, 2007

MegaSecurity