I Feel Lucky I Feel Very Lucky

Goldfish

Copyright © MegaSecurity

By ?

Informations
Author ?
Family Goldfish
Category Remote Access
Version Goldfish
Language C, compressed with UPX
Additional Information 
dropped files:
c:\WINDOWS\system32\taskcfg.exe                           Size: 30,240 bytes 
c:\WINDOWS\system32\IME\all_windows_keygen.exe            Size: 30,240 bytes 
c:\WINDOWS\system32\IME\Battlefield1942_bloodpatch.exe    Size: 30,240 bytes 
c:\WINDOWS\system32\IME\bootdisk2k.exe                    Size: 30,240 bytes 
c:\WINDOWS\system32\IME\command.com                       Size: 30,240 bytes 
c:\WINDOWS\system32\IME\enter_the_matrix_crack.exe        Size: 30,240 bytes 
c:\WINDOWS\system32\IME\enter_the_matrix_trainer4.exe     Size: 30,240 bytes 
c:\WINDOWS\system32\IME\format.exe                        Size: 30,240 bytes 
c:\WINDOWS\system32\IME\goldfish.scr                      Size: 30,240 bytes 
c:\WINDOWS\system32\IME\keygen.exe                        Size: 30,240 bytes 
c:\WINDOWS\system32\IME\photoshop_7_crack.exe             Size: 30,240 bytes 
c:\WINDOWS\system32\IME\photoshop_7_keygen.exe            Size: 30,240 bytes 
c:\WINDOWS\system32\IME\Porn.exe                          Size: 30,240 bytes 
c:\WINDOWS\system32\IME\windows.scr                       Size: 30,240 bytes 
c:\WINDOWS\system32\IME\winnt.exe                         Size: 30,240 bytes 

added to registry:
HKEY_CURRENT_USER\Software\KAZAA\LocalContent "Dir0"
data: 012345:C:\WINDOWS\System32\ime\ h� � � �� pM�wh� >K�w�� ( � � ( �� P�w�� ( �M�w� � 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Explorer"
data: taskcfg.exe 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "Internet Explorer"
data: taskcfg.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Internet Explorer"
data: taskcfg.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Internet Explorer"
data: taskcfg.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Internet Explorer"
data: taskcfg.exe


tested on Windows XP
January 24, 2006

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.