CrazzyNet
(Backdoor.Win32.CrazyNet)

by CrAzzyWak

Written in Visual Basic

Released in July 2000

more versions


Backdoor.Win32.CrazyNet:
dropped files:
c:\winstart.bat         size: 25 bytes 
data: C:\WINNT\Registry32.exe

c:\WINNT\Registry32.exe size: 321.080 bytes 

port: 17500, 17499 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Reg32"
data: Registry32.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: Registry32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe Registry32.exe 

tested on Win2000 
MegaSecurity