Freddy K Beta 3 (b)
(Backdoor.Win32.Freddy.03.b)
(Trojan-Dropper.Win32.Joiner.r for server)

by Norinco

Written in Delphi

Released in December 2000

Made in Germany


Server:
dropped file:
C:\WINDOWS\winapi.exe 

size: 305.205 bytes

port: 22555, 25556 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "winapi.exe" 

added:
c:\WINDOWS\winapi.dll 
c:\WINDOWS\TEMP\MicroNet.DLL 

MegaSecurity