Kelebek
Released 20 years, 10 months ago. January 2004
Copyright © MegaSecurity
By ?
Informations
| From | Turkey |
| Author | ? |
| Family | Kelebek |
| Category | Remote Access |
| Version | Kelebek |
| Released Date | Jan 2004, 20 years, 10 months ago. |
Additional Information
dropped files:
c:\WINDOWS\history\1687.reg size: 110 bytes
c:\WINDOWS\history\1719.reg size: 107 bytes
c:\WINDOWS\history\1793.reg size: 110 bytes
c:\WINDOWS\history\blackstar.exe size: 2,921 bytes
c:\WINDOWS\history\caole.exe size: 444 bytes
c:\WINDOWS\history\colomba.exe size: 2,140 bytes
c:\WINDOWS\history\control.ini size: 56 bytes
c:\WINDOWS\history\derimino.exe size: 31,110 bytes
c:\WINDOWS\history\derotor.exe size: 16,862 bytes
c:\WINDOWS\history\EXPLORER.exe size: 6,656 bytes
c:\WINDOWS\history\fempe.exe size: 506 bytes
c:\WINDOWS\history\fullname.txt size: 5,483 bytes
c:\WINDOWS\history\Kopya mirc.ini size: 2,618 bytes
c:\WINDOWS\history\mirc.ini size: 2,546 bytes
c:\WINDOWS\history\mirc32.exe size: 1,790,464 bytes
c:\WINDOWS\history\ragstear.exe size: 428 bytes
c:\WINDOWS\history\remas32.exe size: 108 bytes
c:\WINDOWS\history\script1.exe size: 64 bytes
c:\WINDOWS\history\servers.exe size: 153 bytes
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Microsoft Agent
HKEY_CURRENT_USER\Software\mIRC
HKEY_CURRENT_USER\Software\mIRC\DateUsed
HKEY_CLASSES_ROOT\.cha
HKEY_CLASSES_ROOT\.chat
HKEY_CLASSES_ROOT\ChatFile
HKEY_CLASSES_ROOT\ChatFile\DefaultIcon
HKEY_CLASSES_ROOT\ChatFile\Shell
HKEY_CLASSES_ROOT\ChatFile\Shell\open
HKEY_CLASSES_ROOT\ChatFile\Shell\open\command
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Application
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\ifexec
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Topic
HKEY_CLASSES_ROOT\irc
HKEY_CLASSES_ROOT\irc\DefaultIcon
HKEY_CLASSES_ROOT\irc\Shell
HKEY_CLASSES_ROOT\irc\Shell\open
HKEY_CLASSES_ROOT\irc\Shell\open\command
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Application
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\ifexec
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Topic
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC
does connect to IRC
tested on Windows XP
December 23, 2004If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.