JooJoo
Released 18 years, 5 months ago. April 2006
Copyright © MegaSecurity
By Red Move
Informations
| Author | Red Move |
| Family | JooJoo |
| Category | Information Stealer |
| Version | JooJoo |
| Released Date | Apr 2006, 18 years, 5 months ago. |
| Language | Visual Basic |
Additional Information
Server:
dropped file:
c:\WINDOWS\system32\Knrl32.exe Size: 19,167 bytes
c:\WINDOWS\system32\SystemLoader.exe Size: 19,167 bytes
startup:
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
old data: %SystemRoot%\system32\NOTEPAD.EXE %1
new data: SystemLoader.exe opext C:\WINDOWS\\system32\notepad.exe %1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Kernel"
data: C:\WINDOWS\System32\Knrl32.exe /au
tested on Windows XP
April 02 2006If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.