Tequila Bandita 1.2b2 Chinese Version v2

tequila bandita 1.2b2 Chinese Version v2
(Backdoor.Win32.Banito.s for Client)
(Backdoor.Win32.Banito.aq for Server)

by stm

Written in Delphi

Released in December 2005





Server:
dropped file:
c:\WINDOWS\winhost32.exe
size: 24,576 bytes 	

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ActiveX Key "StubPath"
data: C:\WINDOWS\winhost32.exe

	
tested on Windows XP
January 04, 2006

MegaSecurity