CyberSpy 1.3 (a)
Copyright © MegaSecurity
By Ghirai
Information
Author: Ghirai
Family: CyberSpy
Category: Remote Access
Version: CyberSpy 1.3 (a)
Language: Visual Basic
Additional Information
Server:
dropped file: C:\WINDOWS\SYSTEM\~Cab001.exe
size: 47 and 49 KB
port: 38742 TCP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Regcheck"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Regcheck"
c:\windows\win.ini, "load"
Author Information / Description
-the files 'Install.exe' and '~Install.exe' are a little different:
-both are servers, but '~Install.exe' also kills from memory/uninstalls some firewalls and A-Virus programs...
-that's the only difference.
-you'll probably need the vb6 runtimes and mswinsck.ocx in your Windows\System folder (check altavista, etc.)
Ghirai.