PvtBeast

PvtBeast
(Backdoor.Win32.PvtBeast)

by ?

Written in Delphi, compressed with UPX




dropped files:
c:\WINDOWS\system32\reg heale.exe    size: 53.248 bytes 
c:\WINDOWS\system32\Com\mscrs.com    size: 53.248 bytes 
c:\WINDOWS\system32\wbem\mswb.com    size: 53.248 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{55AA0432-BB51-31EF-A1FA-11AE12E6115C} "StubPath"
data: C:\WINDOWS\System32\wbem\mswb.com 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "COM Service"
data: C:\WINDOWS\System32\COM\mscrs.com 

tested on Windows XP
December 13, 2004

MegaSecurity