VatosAjan 2.4

VatosAjan 2.4
(Backdoor.Win32.Vatos.24)
(Trojan-Dropper.Win32.Small.vy)

by ?

Compressed with UPX

Released in March 2005

Made in Turkey


Server:
size: 328,192 bytes

dropped files:
c:\WINDOWS\system32\install.com    Size: 328,192 bytes 
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\SVCHOST.EXE   Size: 328,192 bytes 

added to registry:
HKEY_CURRENT_USER\Software\NirSoft
HKEY_CURRENT_USER\Software\NirSoft\MailPassView
HKEY_CURRENT_USER\Software\NirSoft\MessenPass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872415-GGFRT-TKMN-24F9-2154487HHGT8}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STISVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control



tested on Windows XP
April 08, 2005

MegaSecurity