Blakharaz 1.0

Blakharaz 1.0
(Backdoor.Win32.BlackHaraz)

by Shadow


Server:
dropped file:
C:\WINDOWS\SYSTEM\BLAKHARAZ.EXE

startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

MegaSecurity