Demon-Ps 2.7
Released 16 years, 6 months ago. March 2008
Copyright © MegaSecurity
By Masoud Azimi
Informations
| From | Iran |
| Author | Masoud Azimi |
| Family | Demon Ps |
| Category | Remote Access |
| Version | Demon-Ps 2.7 |
| Released Date | Mar 2008, 16 years, 6 months ago. |
| Language | Visual Basic |
Additional Information
Server
Dropped Files:
c:\WINDOWS\system32\ball.exe Size: 73,728 bytes
c:\WINDOWS\system32\i.txt Size: 313 bytes
c:\WINDOWS\system32\S.BAT Size: 66 bytes
c:\WINDOWS\system32\config\he.txt Size: 222 bytes
c:\WINDOWS\system32\config\sysrestore.exe Size: 73,728 bytes
Added to Registry::
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "(Default)"
Data: C:\WINDOWS\system32\config\sysrestore.exe -s
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
Data: Explorer.exe C:\WINDOWS\system32\ball.exe -s
Tested on Windows XP
September 23, 2008If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.