DG RAT 2008 (6.1)
(Backdoor.Win32.Delf.jhh)

by DG

Written in Delphi

Released in June 2008

Made in China

more versions

 





Server
Dropped File:
c:\WINDOWS\system32\12345.dll
Size: 31,232 bytes 


Added to Registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Parameters "ServiceDll"
Old data: C:\WINDOWS\System32\qmgr.dll 
New data: C:\WINDOWS\system32\12345.dll 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters "ServiceDll"
Old data: C:\WINDOWS\System32\qmgr.dll 
New data: C:\WINDOWS\system32\12345.dll 



Tested on Windows XP
August 09, 2008
MegaSecurity