Backdoor.Win32.VB.d
(Backdoor.Win32.VB.d)

by ?

Product Name: Shell32. Original Filename: setup.exe

Written in Visual C++, compressed with ASPack

more in this category


Backdoor.Win32.VB.d:

size: 71,680 bytes
 
port: 113, 1077 TCP

registry added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ShellEx" 
data: C:\WINDOWS\SYSTEM\ShellEx.exe 

dropped file:
c:\WINDOWS\SYSTEM\rundll32.pin 
size: 260 bytes 

MegaSecurity