GunBot (g)
(Backdoor.Win32.Gunbot.g)

by Franck

Written in Microsoft Visual C++, Compressed with tELock 0.98

more versions



dropped files:
c:\Documents and Settings\%user%\Local Settings\Temp\GunBot.exe
size: 44,544 bytes 

c:\WINDOWS\system32\kernl32.exe
size: 84,480 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "kernel32"
data: C:\WINDOWS\System32\kernl32.exe -sys 

attempts to connect to an IRC Server


tested on Windows XP
December 12, 2005
MegaSecurity