Padonok (p)
(Backdoor.Win32.Padodor.p)

by HangUp Team


Made in Russia

more versions 





dropped files:
c:\WINDOWS\system32\Fijjcmnp.dll
size: 6.145 bytes 

c:\WINDOWS\system32\Jmijgflc.exe
size: 65.750 bytes 

port: 5162, 16454, 32121, 23232, 25346 TCP

added to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
HKEY_CLASSES_ROOT\CLSID\{79FB9088-19CE-715E-D900-216290C5B738}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C



tested on Windows XP
January 01, 2005
MegaSecurity