ProRat 1.0b
(Backdoor.Win32.Prorat.10.a)

by P®O Group

Released in April 2002

Made in Turkey

more versions 




Client:
port: 29888 TCP



Server:
dropped files:
c:\WINDOWS\SYSTEM\LOADER.EXE 
c:\WINDOWS\SYSTEM\MSMSG.EXE 
size: 257.757 bytes 

c:\WINDOWS\SYSTEM\MAIN.EXE 

port: 22311, 58343 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{6EF52A52-394A-11d3-B153-00707897TY} "StubPath" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "MSNMESENGER"
MegaSecurity