Written in Visual C++, server is compressed with ASPack

Released in December 2002

Made in China

more versions

Server:
dropped files:
c:\WINDOWS\SYSTEM\rpcsrv.exe 
c:\WINDOWS\SYSTEM\syshelp.exe 
c:\WINDOWS\SYSTEM\WinGate.exe 
c:\WINDOWS\SYSTEM\winrpc.exe 
c:\WINDOWS\SYSTEM\WinRpcsrv.exe 

size: 84.992 bytes

port: 10168 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Module Call 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "syshelp" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinGate initialize" 
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" 
c:\windows\win.ini, [windows] "run" 

registry added:
HKEY_CURRENT_USER\Identities\{FF2A18A0-D622-11D7-A190-00A02480D0C4}\Software\Microsoft\Outlook Express\5.0\News 
HKEY_CURRENT_USER\Identities\{FF2A18A0-D622-11D7-A190-00A02480D0C4}\Software\Microsoft\Outlook Express\5.0\Rules\Mail 
HKEY_CURRENT_USER\Identities\{FF2A18A0-D622-11D7-A190-00A02480D0C4}\Software\Microsoft\Outlook Express\5.0\Trident\Main 
HKEY_CURRENT_USER\Identities\{FF2A18A0-D622-11D7-A190-00A02480D0C4}\Software\Microsoft\Outlook Express\5.0\Trident\Settings 
HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name