LaLa Rat 1.0

LaLa Rat 1.0
(Backdoor.Win32.Agent.gip for Client)
(Backdoor.Win32.Agent.tcd for Server)
(Backdoor.Win32.Agent.gio for yinhu.dll)

by La VozR

more versions


Server
Dropped Files:
c:\WINDOWS\system32\yinhu.bat    Size: 47 bytes 
c:\WINDOWS\system32\yinhu.dll    Size: 61,440 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPRIP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPRIP\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPRIP\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPRIP\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPRIP\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPRIP\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPRIP\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPRIP\Security



Tested on Windows XP
April 10, 2008

MegaSecurity