Krepper (f) - Malware Gallery

Informations

Author	?
Family	Krepper
Category	Remote Access
Version	Krepper (f)

Additional Information

dropped file:
c:\WINDOWS\system32\kernel32.exe 
size: 876,544 bytes 

port: 211, 1180 TCP

added to registry:
HKEY_CLASSES_ROOT\CLSID\{BB258289-99BE-0C16-4AF0-95144AF09514}\InprocServer32 
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Management\Security 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Management\Security 


tested on Windows XP
December 18, 2005