DRaT 1.24 Server
(Backdoor.Win32.Drat.124)

by DaRaTTy

Written in Visual C++

more versions 




dropped file:
c:\WINDOWS\SHELL32.EXE
size: 77,312 bytes 

port: 54379, 48 TCP

startup:
HKEY_CLASSES_ROOT\batfile\shell\open\command "(Default)"
old data: "%1" %* 
new data: SHELL32 "%1" %* 

HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: SHELL32 "%1" %* 


tested on Windows XP
November 17, 2005
MegaSecurity