Krepper (f)
(Backdoor.Win32.Krepper.f)

by ?

Compressed / protected with Armadillo


dropped file:
c:\WINDOWS\system32\kernel32.exe 
size: 876,544 bytes 

port: 211, 1180 TCP

added to registry:
HKEY_CLASSES_ROOT\CLSID\{BB258289-99BE-0C16-4AF0-95144AF09514}\InprocServer32 
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Management\Security 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Management\Security 


tested on Windows XP
December 18, 2005

MegaSecurity