RCP 1.0
(Backdoor.Win32.Hackarmy.z)

by th3B03

Written in C, source included

Released in August 2006


Server:
dropped file:
c:\WINDOWS\win32serv.exe
size: 58,880 bytes

port: 2300 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "win32serv"
data: C:\Windows\win32serv.EXE


tested on Windows XP
September 04, 2006

MegaSecurity