A-311 1.3 (aw)
Released 20 years, 1 month ago. October 2004
Copyright © MegaSecurity
By Corpse
Informations
| From | Russia |
| Author | Corpse |
| Family | A-311 Death |
| Category | Remote Access |
| Version | A-311 1.3 (aw) |
| Released Date | Oct 2004, 20 years, 1 month ago. |
| Language | MASM |
Additional Information
Server:
dropped files:
c:\WINDOWS\system32\klogini.dll size: 0 bytes
c:\WINDOWS\system32\p2.ini size: 320 bytes
c:\WINDOWS\system32\ps.a3d size: 95 bytes
C:\WINDOWS\system32\cm.dll size: 28960 bytes (Backdoor.Win32.Haxdoor.av)
C:\WINDOWS\system32\draw32.dll size: 28960 bytes (Backdoor.Win32.Haxdoor.av)
C:\WINDOWS\system32\hm.sys size: 15872 bytes (Backdoor.Win32.Haxdoor.gen)
C:\WINDOWS\system32\memlow.sys size: 4096 bytes (Backdoor.Win32.Haxdoor.ar)
C:\WINDOWS\system32\vdnt32.sys size: 15872 bytes (Backdoor.Win32.Haxdoor.gen)
C:\WINDOWS\system32\wd.sys size: 4096 bytes (Backdoor.Win32.Haxdoor.ar)
port: 16661 TCP
added to registry:
HKEY_CURRENT_USER\Identities\{D4086F36-0B1C-4F8B-883F-F6A433830ADF}\Software\Microsoft\Internet Account Manager
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\draw32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MEMLOW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VDNT32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memlow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdnt32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MEMLOW
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VDNT32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memlow
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdnt32
tested on Windows XP
January 06, 2005If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.