CmjSpy (g)
Copyright © MegaSecurity
By cmjboy
Information
From: China
Author: cmjboy
Family: CmjSpy
Category: Remote Access
Version: CmjSpy (g)
Language: Delphi, compressed with UPX
Additional Information
Server:
dropped files:
c:\WINDOWS\scanregw .exe
c:\WINDOWS\taskmon .exe
c:\WINDOWS\SYSTEM\SysTray .Exe
c:\WINDOWS\SYSTEM\mgkdll .exe
c:\WINDOWS\SYSTEM\ppx.txt
c:\WINDOWS\SYSTEM\systemdllx.vxd
c:\WINDOWS\SYSTEM\tdllcope.vxd
port: 55555 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry"
Old data: C:\WINDOWS\scanregw.exe /autorun
New data: "C:\WINDOWS\scanregw .exe" /autorun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SystemTray"
Old data: SysTray.Exe
New data: "SysTray .Exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Taakcontrole"
Old data: C:\WINDOWS\taskmon.exe
New data: "C:\WINDOWS\taskmon .exe"