Just4Fun Standard Edition

Just4Fun Standard Edition
(Trojan-Dropper.Win32.KillProcs.a)
by Ferry87
Written in Visual C++, Server compressed with UPX
Released in July 2005
Made in Germany

Server:
dropped files:
c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\browser.cox
size: 66,052 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\Desktop.cox
size: 12,292 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\FerretSys.cox
size: 131,074 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\kccda.cox
size: 25,606 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\KCCLIP.cox
size: 36,869 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\kcdialog.cox
size: 43,011 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\kcedit.cox
size: 40,965 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\kcprint.cox
size: 40,964 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\kcriched.cox
size: 90,115 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\kctaskpr.cox
size: 18,435 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\mooclick.cox
size: 138,243 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\shutdown.cox
size: 49,155 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\taskbar.cox
size: 15,876 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\volume.cox
size: 39,429 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\Crt2.tmp\winmanip.cox
size: 16,387 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\pck1e220246\absturz.bat
size: 367 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\pck1e220246\avkill.bat
size: 5,525 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\pck1e220246\blasterfunktion.bat
size: 18 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\pck1e220246\cncs232.dll
size: 285,696 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\pck1e220246\pskill.exe
size: 122,880 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\pck1e220246\winlog.exe
size: 1,427,693 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\winservices.exe
size: 1,065,171 bytes 

port: 21, 25, 80, 125, 135, 139, 445, 1025, 3002, 3003, 5000, 12345 TCP

startup: none


tested on Windows XP
July 19, 2005
MegaSecurity