Prosiak 0.70 beta 7 (b) - Malware Gallery

Informations

From	Poland
Author	DeathSpy
Family	Prosiak
Category	Remote Access
Version	Prosiak 0.70 beta 7 (b)

Additional Information

dropped files:
c:\WINDOWS\SYSTEM\Command.dll   size: 219.456 bytes 
c:\WINDOWS\SYSTEM\mskbd.vxd     size: 0 bytes 
c:\WINDOWS\SYSTEM\ShlOpen32.dll size: 218.360 bytes 
c:\WINDOWS\SYSTEM\winproc.drv   size: 217.602 bytes 

port: 800, 23, 230, 102 TCP

added to registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "ProcServer"
data: winproc.drv 

HKEY_CLASSES_ROOT\batfile\shell\open\command "(Default)"
old data: "%1" %* 
new data: Command.dll "%1" %* 

HKEY_CLASSES_ROOT\comfile\shell\open\command "(Default)"
old data: "%1" %* 
new data: ShlOpen32.dll "%1" %* 

HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: ShlOpen32.dll "%1" %* 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RConfig


tested on Windows 98
December 15, 2004