Bifrost 1.1 Chinese v2

Bifrost 1.1 Chinese v2
(Backdoor.Win32.Bifrose.d)
(Trojan-Dropper.Win32.Delf.jf)

by ksv

Written in Delphi

Released in July 2005




Server:
dropped files:
c:\WINNT\system32\plugin1.dat    Size: 51,733 bytes 
c:\WINNT\system32\XMCHAI.EXE     Size: 88,421 bytes 

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "startkey"
data: C:\WINNT\system32\XMCHAI.EXE 

tested on Win2000
July 03, 2005

MegaSecurity