Bmail (b)
Copyright © MegaSecurity
By ?
Informations
| Author | ? |
| Family | Bmail |
| Category | Remote Access |
| Version | Bmail (b) |
| Language | Microsoft Visual C++ |
Additional Information
dropped file:
c:\WINDOWS\system32\hom1.txt
port: 5153 TCP
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "setFTPBack"
data: C:\WINDOWS\System32\createsw.exe
attempts to connect to a FTP Server
explorer startpage is altered to "www.babasearch.com"
tested on Windows XP
November 16, 2005If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.