ICMP-Cmd 1.0
(Backdoor.Win32.IcmpCmd.10)

by gxisone

Compressed with ASPack

Released in August 2003

Server:
dropped file:
c:\WINNT\system32\ntkrnl.exe 

size: 11.776 bytes 

startup:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTKRNL 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTKRNL\0000 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTKRNL\0000\Control 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntkrnl 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntkrnl\Enum 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntkrnl\Security 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTKRNL 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTKRNL\0000 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTKRNL\0000\Control 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntkrnl 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntkrnl\Enum 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntkrnl\Security 


remark:
tested on Win2000
MegaSecurity