RED 1.3
(TrojanProxy.Win32.RedBind.b)

by CamCoder & Del_Armg0

Stealth Redirection Tool

Released in September 2004

more versions


Server:
dropped file:
c:\WINNT\winpad64.exe

size: 12.288 bytes
 
port: 4001 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "exe.46dapniw"
data: winpad64.exe exe.46dapniw

tested on Win2000

MegaSecurity