DataRape 1.3 (a) server

DataRape 1.3 (a) server
(Backdoor.Win32.Datarape.13.a)

by ·´¯)fLÍ¶¶M®Ðê(¯`·

Based on source of Latinus

Written in Delphi

Released in December 2002


Server:
size: 521.224  bytes

port: 11000, 30000 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "(Default)" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SystemTray" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Win_update" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "(Default)" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "SystemTray" 
HKEY_CLASSES_ROOT\jklfile\shell\open\command "(Default)" 

dropped files:
c:\WINDOWS\SVCHOST.EXE 
c:\WINDOWS\SYSTEM\ok 
c:\WINDOWS\SYSTEM\systray.exe.jkl 

registry added:
HKEY_CLASSES_ROOT\.jkl "(Default)" 
HKEY_CLASSES_ROOT\jklfile "(Default)" 
HKEY_CLASSES_ROOT\jklfile "NeverShowExt" 
HKEY_CLASSES_ROOT\jklfile\DefaultIcon "(Default)" 
HKEY_CLASSES_ROOT\jklfile\shell\open\command "(Default)"

MegaSecurity