BodomBot (b)

BodomBot (b)
(Backdoor.Win32.BodomBot.b)

by ?

Compressed with PECompact


dropped file:
c:\WINDOWS\system32\msmpr32.exe
size: 19,456 bytes 

port: 113 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft MPR Library Host"
data: C:\WINDOWS\System32\msmpr32.exe §NõwTö Œö xö pö Ìú

attempts to connect to an IRC Server



tested on Windows XP
June 10, 2005

MegaSecurity