Mtexer 1.0
Released 21 years, 9 months ago. December 2002
Copyright © MegaSecurity
By ?
Informations
| From | China |
| Author | ? |
| Family | Mtexer |
| Category | Remote Access |
| Version | Mtexer 1.0 |
| Released Date | Dec 2002, 21 years, 9 months ago. |
| Language | Visual C++, server is compressed with ASPack |
Additional Information
Server:
dropped files:
c:\WINDOWS\SYSTEM\rpcsrv.exe
c:\WINDOWS\SYSTEM\syshelp.exe
c:\WINDOWS\SYSTEM\WinGate.exe
c:\WINDOWS\SYSTEM\winrpc.exe
c:\WINDOWS\SYSTEM\WinRpcsrv.exe
size: 84.992 bytes
port: 10168 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Module Call
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "syshelp"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinGate initialize"
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)"
c:\windows\win.ini, [windows] "run"
registry added:
HKEY_CURRENT_USER\Identities\{FF2A18A0-D622-11D7-A190-00A02480D0C4}\Software\Microsoft\Outlook Express\5.0\News
HKEY_CURRENT_USER\Identities\{FF2A18A0-D622-11D7-A190-00A02480D0C4}\Software\Microsoft\Outlook Express\5.0\Rules\Mail
HKEY_CURRENT_USER\Identities\{FF2A18A0-D622-11D7-A190-00A02480D0C4}\Software\Microsoft\Outlook Express\5.0\Trident\Main
HKEY_CURRENT_USER\Identities\{FF2A18A0-D622-11D7-A190-00A02480D0C4}\Software\Microsoft\Outlook Express\5.0\Trident\Settings
HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File NameIf you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.