PA HAC Wlam 1.0
Released 20 years, 4 months ago. July 2004
Copyright © MegaSecurity
By PA HAC
Informations
| From | Poland |
| Author | PA HAC |
| Family | PA HAC |
| Category | Remote Access |
| Version | PA HAC Wlam 1.0 |
| Released Date | Jul 2004, 20 years, 4 months ago. |
| Language | Delphi |
Additional Information
Server:
dropped file:
c:\WINDOWS\config.exe
size: 556.032 bytes
port: 1789, 1790, 1711, 1710, 1793, 1794, 1795, 1797, 1798, 1721, 1740, 1796 TCP TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "PowerProfile"
data: C:\windows\config.exe
lines added to autoexec.bat:
C:\autoexec.bat "del C:\progra~1\zonela~1\zoneal~1\*.*exe"
C:\autoexec.bat "del C:\progra~1\norton~1\*.*dll"
C:\autoexec.bat "del C:\progra~1\kerio\Person~1\*.*exe"
C:\autoexec.bat "del C:\progra~1\norton~1\*.*exe"
C:\autoexec.bat "del C:\progra~1\zonela~1\zoneal~1\*.*dll"
C:\autoexec.bat "dir c:"If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.