Backdoor.Win32.VB.k
(Backdoor.Win32.VB.k)

by ?

Written in Visual Basic, compressed with UPX

more in this category


Backdoor.Win32.VB.k:
dropped files:
c:\WINDOWS\system32\%trojan name%
size: 99,328 bytes 

port: 19232, 666, 1136 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "UpdRegistry"
data: c:\windows\system32\%trojan name%

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "UpdRegistry"
data: c:\windows\system32\%trojan name%



tested on Windows XP
February 06, 2005

MegaSecurity