Bandook 1.35
Released 17 years, 7 months ago. April 2007
Copyright © MegaSecurity
By Princeali
Informations
| Author | Princeali |
| Family | Bandook |
| Category | Remote Access |
| Version | Bandook 1.35 |
| Released Date | Apr 2007, 17 years, 7 months ago. |
Additional Information
Server
Dropped Files:
c:\WINDOWS\bhookpl.dll Size: 17,896 bytes
c:\WINDOWS\system32\ali.exe Size: 98,304 bytes
Added to Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion "bnhide"
data: 2000|ali.exe|Bandook|1167|x|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Bandook"
data: C:\WINDOWS\System32\ali.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1} "StubPath"
old data: C:\WINDOWS\System32\screp.exe
new data: C:\WINDOWS\System32\ali.exe
Tested on Windows XP
April 02, 2007If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.