Backdoor.Win32.VB.ym
(Backdoor.Win32.VB.ym)

by ?

Written in Visual Basic

more in this category


Backdoor.Win32.VB.ym:
dropped file:
c:\WINDOWS\system32\LJMANGEL CRACKER.EXE
size: 118,784 bytes 

port: 1788, 1789 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Hxdhuzgayg"
data: C:\WINDOWS\SYSTEM32\LJMANGEL CRACKER.EXE 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Fuvjvhdm"
data: C:\WINDOWS\SYSTEM32\LJMANGEL CRACKER.EXE 

HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\Htxmaemizv "Path"
data: C:\WINDOWS\SYSTEM32\LJMANGEL CRACKER.EXE 



tested on Windows XP
August 24, 2005

MegaSecurity