Hanky Panky 1.2
(Backdoor.Win32.Hankydor.10 for EditServer)
(not-a-virus:AdWare.WinAD.r for AdManComm.dll)
(not-a-virus:AdWare.WinAD.k)
(Not detected by KAV for Server on September 12, 2005)

by Dayz

Written in Visual Basic

Released in December 2003

Client:
dropped files:
c:\Program Files\Admanager Controller\AdManComm.dll  size: 62.976 bytes 
c:\Program Files\Admanager Controller\AdManCtl.exe   size: 26.112 bytes 
c:\Program Files\Admanager Controller\AdManKeep.exe  size: 17.920 bytes 
c:\WINDOWS\Downloaded Program Files\AdManCtlX.dll    size: 23.552 bytes 
c:\WINDOWS\SYSTEM\ide21201.vxd                       size: 4.720 bytes 

port: 8086 TCP

added to registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Admanager Controller"
data: C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANCTL.EXE 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Admanager Controller "UninstallString"
data: C:\PROGRAM FILES\ADMANAGER CONTROLLER\ADMANCTL.EXE /Remove 





Server:
dropped file:
c:\WINDOWS\WinxTV.exe
size: 143.360 bytes 

port: 1941, 1942, 1945, 59 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WINXTV"
data: C:\WINDOWS\WinxTV.exe 



tested on Windows 98
January 14, 2005

MegaSecurity