Sadam
(not-a-virus:Server-FTP.Win32.SlimFTPd.314 for trustlixcb.exe)

by Ontarget

Released in February 2004

Made in Colombia


[Image: shown while installing backdoor]

dropped files:
c:\WINNT\system32\sadam.exe       size: 24.576 bytes 
c:\WINNT\system32\sadam.swf       size: 152.653 bytes 
c:\WINNT\system32\slimftpd.conf   size: 223 bytes 
c:\WINNT\system32\SlimFTPd.log    size: 420 bytes 
c:\WINNT\system32\trustlixcb.exe  size: 14.848 bytes
 
port: 7829 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ModemLog"
data: C:\WINDOWS\system32\trustlixcb.exe 

MegaSecurity