DarkSky 2.3 (Backdoor.DarkSky.24)
Released 22 years, 4 months ago. July 2002
Copyright © MegaSecurity
By Darksky
Informations
| From | China |
| Author | Darksky |
| Family | DarkSky |
| Category | Remote Access |
| Version | DarkSky 2.3 (Backdoor.DarkSky.24) |
| Released Date | Jul 2002, 22 years, 4 months ago. |
| Language | Visual C++ |
Additional Information
Server
Dropped files:
c:\WINNT\system32\KNREL32.exe size: 16.896 bytes
c:\WINNT\system32\notepade.exe size: 16.896 bytes
c:\WINNT\system32\SysArchive.exe size: 16.896 bytes
port: 5419 TCP
startup:
HKEY_CLASSES_ROOT\.txt\shell\open\command "(Default)"
data: C:\WINNT\system32\notepade.exe %1 ���� ��wx �! D��w h;/ P� �w � � �! X�\|�3�w��
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SysArchive"
data: SysArchive.exe 5418
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %*
new data: C:\WINNT\system32\KNREL32.exe "%1" %* �w t x x x @
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: %SystemRoot%\system32\NOTEPAD.EXE %1
new data: C:\WINNT\system32\notepade.exe %1 ���� ��wx �! D��w h;/ P� �w � � �! X�\|�3�w��
tested on Win2000If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.