SRaT 1.6 Build 1024

SRaT 1.6 Build 1024
(Backdoor.Win32.Prosti.amo)
(Trojan.Win32.Delf.foo for Server)
(Trojan.Win32.Delf.fog for SratMain.dll)

by Neishei131

Written in Delphi

Released in October 2008

Made in China/font>

more versions


Server:
Dropped Files:
c:\WINDOWS\system32\M1zI5rot16.ini              Size: 3 bytes 
c:\WINDOWS\system32\drivers\etc\0pekvOfy.dll    Size: 136,510 bytes 


Added to Registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SRAT_Service "ImagePath"
Data: %SystemRoot%\System32\svchost.exe -k netsvcs 
	
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SRAT_Service\Parameters "ServiceDLL"
Data: %SystemRoot%\system32\drivers\etc\0pekvOfy.dll 
	
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRAT_Service "ImagePath"
Data: %SystemRoot%\System32\svchost.exe -k netsvcs 
	
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRAT_Service\Parameters "ServiceDLL"
Data: %SystemRoot%\system32\drivers\etc\0pekvOfy.dll 


Tested on Windows XP
November 09, 2008

MegaSecurity