Backdoor.Win32.VB.aby
(Backdoor.Win32.VB.aby)

by ?

Original name is unknown

Written in Visual Basic, compressed with PEBundle


Dropped files:
%local dir%\temp.bat
c:\WINDOWS\system32\install.bat    Size: 535 bytes 
c:\WINDOWS\system32\SERVICE.exe    Size: 28,672 bytes   (Trojan.Win32.Hider.b)

Port: 25211 TCP

Added to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "MpfAgentA"
data: MpfAgentA.exe 

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices "MpfAgentA"
data: MpfAgentA.exe 

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run "MpfAgentA"
data: MpfAgentA.exe 

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunServices "MpfAgentA"
data: MpfAgentA.exe 



Tested on Windows XP
January 07, 2005

MegaSecurity