pMK_Veryfun (b)

pMK_Veryfun (b)
(Backdoor.Win32.Verify.b)
by pHuong mInk Kao [pMK]
Written in Microsoft Visual C++, compressed with UPX
Released in March 2005
Made in Korea
Remote Access with Telnet

Available commands:
!HELP       : Display this message
!HELPV      : Huong dan bang tieng Viet < UNDER CONSTRUCTION >
!MB "msg"   : Display message
!BI -+      : Unblock/Block input
!BP n       : Beep n times
!CD -+      : Close/Eject CD Drive
!XS n       : Start Menu : 1 : Hide ; 3: Disable ; 4: Enable
!TM -+	    : Enable/Disable Task Manager
!RT -+	    : Enable/Disable Registry
!SI "msg"   : Send text message to active window
!LP         : List processes
!KP "proc"  : Kill process
!CW         : Crash Windows 
!LW         : List Windows
!KKA        : Kick known AntiVirus
!KW -+      : Kill Windows so it can't start :D
!FM "msg"   : Flood messages, use "!FM-" to cancel !
!SWT "txt"  : Set windows text
!FZ -+      : Freeze windows, it's really cool 
!*VOL n     : Set Master Volume [ 0..100 ]
!PW "path"  : Play wave file <TESTING>
!INFO       : Various information about running computer
!KL         : View key log < VERY USEFUL >
!KLF        : View filtered key log < VERY USEFUL >
!CL         : Clear key log
!EMC        : Enum trojan's copy on LAN <TESTING>
!NAU        : Net add user with blank password < VERY USEFUL >
!SC         : Display ftp settings
!CHAT "nick": Chat with victim. To close chat dialog, use "!CHAT-"
!UD         : Update new version 
!RUN "file" "param" : Run program
!UL	"file" "server" "port" "user" "pass"	: Upload file to ftp server
!M@IL "server" "sender" "receiver" "subject" "data" : Send a e-mail
!DL "url" "file" : Download url to local file
!QUIT       : Terminate connection to host.   


Server:
dropped files:
c:\MsBootMgr.exe    Size: 23,040 bytes 
c:\WINDOWS\system32\MsIdle32.exe      Size: 23,040 bytes 
c:\WINDOWS\system32\MsIdle32Hook.dll  Size: 20,480 bytes 
c:\WINDOWS\system32\pMK_kLog.txt      Size: 0 bytes 
c:\WINDOWS\system32\pMK_kLogF.txt     Size: 0 bytes 
c:\WINDOWS\system32\pMK_wLog.txt      Size: 228 bytes 

port: 1906, 1907 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pVF.exe "(Default)"
data: C:\WINDOWS\System32\MsIdle32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MsBootMgr.exe"
data: C:\\MsBootMgr.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MsIdle32.exe"
data: C:\WINDOWS\System32\MsIdle32.exe 



tested on Windows XP
April 04, 2005
MegaSecurity