Cold Fear

Released 18 years, 2 months ago. September 2006

Copyright © MegaSecurity

By H4CK1TD0WN


Information
From: Germany
Author: H4CK1TD0WN
Family: Cold Fear
Category: Remote Access
Version: Cold Fear
Release date: Sep 2006 (18 years, 2 months ago)
Additional Information
Server:
dropped files:
c:\config\antivir.exe            Size: 1,613,874 bytes 
c:\config\CS.exe                 Size: 1,613,874 bytes 
c:\config\explorer.exe           Size: 1,613,874 bytes 
c:\config\ICQ.exe                Size: 1,613,874 bytes 
c:\config\ICQLite.exe            Size: 1,613,874 bytes 
c:\config\MSN.exe                Size: 1,613,874 bytes 
c:\config\ntoskrnl.exe           Size: 1,613,874 bytes 
c:\config\paint.exe              Size: 1,613,874 bytes 
c:\config\rundll.exe             Size: 1,613,874 bytes 
c:\config\rundll32.exe           Size: 1,613,874 bytes 
c:\config\taskmgr.exe            Size: 1,613,874 bytes 
c:\config\win32.exe              Size: 1,613,874 bytes 
c:\WINDOWS\system32\Bmp2Jpeg.dll Size: 88,064 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "antivir"
data: C:\config\antivir.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "CS"
data: C:\config\CS.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "explorer"
data: C:\config\explorer.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ICQ"
data: C:\config\ICQ.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ICQLite"
data: C:\config\ICQLite.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MSN"
data: C:\config\MSN.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ntoskrnl"
data: C:\config\ntoskrnl.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "paint"
data: C:\config\paint.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rundll"
data: C:\config\rundll.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "rundll32"
data: C:\config\rundll32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "taskmgr"
data: C:\config\taskmgr.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "win32"
data: C:\config\win32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "antivir"
data: C:\config\antivir.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "CS"
data: C:\config\CS.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "explorer"
data: C:\config\explorer.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "ICQ"
data: C:\config\ICQ.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "ICQLite"
data: C:\config\ICQLite.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "MSN"
data: C:\config\MSN.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "ntoskrnl"
data: C:\config\ntoskrnl.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "paint"
data: C:\config\paint.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "rundll"
data: C:\config\rundll.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "rundll32"
data: C:\config\rundll32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "taskmgr"
data: C:\config\taskmgr.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES "win32"
data: C:\config\win32.exe 




tested on Windows XP
December 16, 2006
