Thunk (d)
(Backdoor.Thunk.d)

by ?

Written in C

more versions


dropped files:
c:\WINDOWS\system32\child.dll  (Backdoor.Thunk.e)
size: 8.192 bytes 

added to registry:
HKEY_USERS\S-1-5-21-789336058-1957994488-1060284298-1003_Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32
HKEY_CURRENT_USER\Software\Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler "{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"
data: OLE Automation Module 


tested on Windows XP
december 22, 2004

MegaSecurity