Petala
(Backdoor.Win32.Petala)

By {[Petala]} & ViDeLzInha (?)

Written in Visual Basic

September 2003

Made in Brazil


Internal Name: nav2004 


Servers:
c:\WINDOWS\windata.exe 
c:\WINDOWS\SYSTEM\msjis.exe 

size: 331,776 bytes

port: 113 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Network Control" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Network Registry Control" 

added:
c:\WINDOWS\regbck.sys 
c:\WINDOWS\windata.exe 
c:\WINDOWS\SYSTEM\msjis.exe 

The backdoor can be controlled using an IRC bot. 

MegaSecurity