Destruktor 2.2 - Malware Gallery

Informations

From	Poland
Author	Destruktor
Family	Destruktor
Category	Remote Access
Version	Destruktor 2.2
Released Date	Aug 2005, 19 years, 1 month ago.
Language	Delphi

Additional Information

Server:
dropped files:
c:\WINDOWS\rozruch.exe    Size: 40,448 bytes 
c:\WINDOWS\shost32.exe    Size: 833,135 bytes 

added to registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "(Default)"
data: C:\WINDOWS\ 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "shost32.exe"
data: C:\WINDOWS\shost32.exe 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List "C:\Documents and Settings\Kobayashi\Desktop\dest22\game.exe"
data: C:\Documents and Settings\%user%\Desktop\dest22\game.exe:*:Enabled:Usï¿½uga systemowa 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum "0"
data: SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4} 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List "C:\Documents and Settings\Kobayashi\Desktop\dest22\game.exe"
data: C:\Documents and Settings\%user%\Desktop\dest22\game.exe:*:Enabled:Usï¿½uga systemowa 




tested on Windows XP
September 07, 2005