Diablo Keys 2.1
Released 23 years ago. September 2001
Copyright © MegaSecurity
By KodaPT
Informations
| Author | KodaPT |
| Family | Diablo Keys |
| Category | Information Stealer |
| Version | Diablo Keys 2.1 |
| Released Date | Sep 2001, 23 years ago. |
| Language | Visual Basic |
Additional Information
Server:
dropped files:
c:\WINNT\.exe size: 131.072 bytes
c:\WINNT\Cache\.exe size: 131.072 bytes
c:\WINNT\system32\server.dll size: 167 bytes
c:\WINNT\system32\dllcache\regedit.exe size: 73.488 bytes
added to registry:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\server\Main "SelfPath"
data: C:\Program Files\DK\server.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(Default)"
data: C:\WINNT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: Explorer.exe C:\WINNT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "StubPath"
old data: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
new data: C:\WINNT\.exe
KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders "Common Startup"
old data: %ALLUSERSPROFILE%\Start Menu\Programs\Startup
new data: C:\WINNT\Cache
changed:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders "Startup"
old data: C:\Documents and Settings\%user%\Start Menu\Programs\Startup
new data: C:\WINNT\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders "Startup"
old data: %USERPROFILE%\Start Menu\Programs\Startup
new data: C:\WINNT\Cache
tested on Windows XP
December 19, 2004If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.