Gunbot (f)
Copyright © MegaSecurity
By Franck
Informations
| Author | Franck |
| Family | Gunbot |
| Category | Remote Access |
| Version | Gunbot (f) |
| Language | Microsoft Visual C++, Compressed with tELock 0.98 |
Additional Information
dropped files:
c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\GunBot.exe
Size: 32,768 bytes
c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\rinst.exe
Size: 7,680 bytes
c:\WINDOWS\system32\bpk.exe Size: 397,312 bytes
c:\WINDOWS\system32\bpkhk.dll Size: 8,704 bytes
c:\WINDOWS\system32\bpkr.exe Size: 7,680 bytes
c:\WINDOWS\system32\bpkwb.dll Size: 40,960 bytes
c:\WINDOWS\system32\inst.dat Size: 996 bytes
c:\WINDOWS\system32\pk.bin Size: 3,940 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "bpk"
data: C:\WINDOWS\SYSTEM32\bpk.exe
HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\PK.IE
HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STISVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control
tested on Windows XP
November 29, 2005If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.