NetBUIE
Copyright © MegaSecurity
By ?
Informations
| Author | ? |
| Family | NetBUIE |
| Category | Remote Access |
| Version | NetBUIE |
Additional Information
Dropper:
EMU_xbox.exe
size: 66 KB
Server:
C:\windows\system\NetBUIE.exe
Runs invisable
size: 108 KB
port:
random between 1000 and 1100 TCP
server made contact to
IP 209.75.20.28 (Verio, Inc. Englewood, US) and
204.71.191.241 (Global Crosing, Palo Alto, US)
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\Run
Added:
c:\WINDOWS\Cookies\m_r@hitbox(1).txt
c:\WINDOWS\Cookies\m_r@hg1_hitbox(2).txt
c:\WINDOWS\SYSTEM\NBconfig.exe
Remarks:
added on next reboot:
c:\WINDOWS\Cookies\m_r@hg1_hitbox(3).txt
c:\WINDOWS\Cookies\m_r@hitbox(3).txt
deleted on next reboot:
c:\WINDOWS\Cookies\m_r@hg1_hitbox(2).txt
c:\WINDOWS\Cookies\m_r@hitbox(1).txt
this alternates on next bootups.
Author Information / Description
"An "Xbox emulator" currently being offered for free on the Web is actually a Trojan horse
designed to covertly rack up money for its authors using pay-for-click and other schemes,
malicious code experts said.
Instead of enabling users to run popular Xbox games such as "Halo" on their PCs,
executing the fake emulator's installation program, "EMU_xbox.exe",
merely produces error messages."
according to www.newsbytes.com.If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.