Hav-RAT 1.3.0 Private Knieme

Hav-RAT 1.3.0 Private Knieme
(Constructor.Win32.Tarhav.a)
(Backdoor.Win32.Bifrose.agn)

by Havalito

Written in Delphi

Released in May 2007

Made in Sweden


Server:
dropped files:
c:\WINDOWS\system32\orb32wvx\rhb32swo.exe                                     Size: 34,128 bytes 
c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\gncbdg.exe    Size: 34,128 bytes 	

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5B7AC5A1-6568-13F1-261B-67911AF4B4D8} "stubpath"
data: C:\WINDOWS\System32\orb32wvx\rhb32swo.exe s 
	
	
tested on Windows XP
July 08, 2007

MegaSecurity