Backdoor.Win32.VB.cl

by CMC Ltd.

Original Filename: crezy.exe

Written in Visual Basic



Backdoor.Win32.VB.cl:

port: 113 TCP

dropped files:
c:\WINDOWS\sysdll.exe    size: 49.152 bytes 
c:\WINDOWS\winsdk.exe    size: 49.152 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "sysdll"
data: C:\WINDOWS\sysdll.exe
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winsdk"
data: C:\WINDOWS\winsdk.exe 

attempts to join #abcdospaon on a specified IRC server in Turkey

tested on Windows XP 

MegaSecurity