IMP-Keylogger 2.0
(Not detected by KAV on July 04, 2006)

by Amir_Coder

Written in Delphi

Released in June 2006


Server:
Dropped files:
c:\WINDOWS\unlite.exe                    Size: 24,546 bytes 
c:\WINDOWS\system32\Display01.dll        Size: 28,672 bytes 
c:\WINDOWS\system32\winnt\service.exe    Size: 24,546 bytes 

Added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
data: 0 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
data: -1 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Media Center Update"
data: C:\WINDOWS\unlite.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} "StubPath"
data: C:\WINDOWS\unlite.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "Media Center Update"
data: C:\Documents and Settings\%user%\Desktop\Mahdi-Keylogger\Mahdi-Keylogger\server.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableRegistryTools"
data: 0 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr"
data: -1 



Tested on Windows XP
June 25, 2006

MegaSecurity