R.A.T. AYAZ 1.5
(Not detected by KAV on January 25, 2009)

by Hacker Share, modified by Ayaz

Based on the source of Inv4S10N 1.5

Released in January 2009

Made in Brazil




Client:
Dropped Files:
c:\Documents and Settings\%user%\Application Data\addon.dat
Size: 22,040 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\AYAZ_R~1.EXE
Size: 103,108 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\RAT-_I~1.EXE
Size: 1,328,640 bytes 


Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "wextract_cleanup0"
Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\KOBAYA~1\LOCALS~1\Temp\IXP000.TMP\" 




Server:
Dropped File:
c:\WINDOWS\wservicez.exe
Size: 157,756 bytes 

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WServicez"
Data: C:\WINDOWS\wservicez.exe 
	
	

Tested on Windows XP
January 25, 2009
MegaSecurity