by ?
Original name is unknown
Written in Visual Basic, compressed with PEBundle
Dropped files: %local dir%\temp.bat c:\WINDOWS\system32\install.bat Size: 535 bytes c:\WINDOWS\system32\SERVICE.exe Size: 28,672 bytes (Trojan.Win32.Hider.b) port: 25211 TCP added to registry: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "MpfAgentA" data: MpfAgentA.exe HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices "MpfAgentA" data: MpfAgentA.exe HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run "MpfAgentA" data: MpfAgentA.exe HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunServices "MpfAgentA" data: MpfAgentA.exe tested on Windows XP January 07, 2005MegaSecurity