by Franck
Written in Microsoft Visual C++, Compressed with tELock 0.98
dropped files:
c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\GunBot.exe
Size: 32,768 bytes
c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\rinst.exe
Size: 7,680 bytes
c:\WINDOWS\system32\bpk.exe Size: 397,312 bytes
c:\WINDOWS\system32\bpkhk.dll Size: 8,704 bytes
c:\WINDOWS\system32\bpkr.exe Size: 7,680 bytes
c:\WINDOWS\system32\bpkwb.dll Size: 40,960 bytes
c:\WINDOWS\system32\inst.dat Size: 996 bytes
c:\WINDOWS\system32\pk.bin Size: 3,940 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "bpk"
data: C:\WINDOWS\SYSTEM32\bpk.exe
HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\PK.IE
HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STISVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control
tested on Windows XP
November 29, 2005
MegaSecurity