Kakaroto's Troyan
(Backdoor.Win32.VB.ur for Client)
(Backdoor.Win32.VB.aly for Server)
(Trojan.Win32.Genome.ruu for Removedor.exe)

by Kakaroto

Written in Visual Basic

Released in August 2004


Server:
dropped file:
c:\WINDOWS\system32\Rumdll32.exe
size: 122,880 bytes 

ports: 9966, 1793, 11112, 5253, 31111 (TCP)

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Kernel32"
data: c:\windows\system32\Rumdll32.exe 


tested on Windows XP
February 19, 2006

MegaSecurity