Radmin Dropper
Released May 2004
Copyright © MegaSecurity
By tansuoufo
Information

| Field | Value |
|---|---|
| From | China |
| Author | tansuoufo |
| Family | Radmin Dropper |
| Category | Remote Access |
| Version | Radmin Dropper |
| Release Date | May 2004 |
| Language | Visual Basic |
Additional Information
Dropped Files:
c:\WINDOWS\system32\admdll.dll Size: 46,592 bytes
c:\WINDOWS\system32\r_server.exe Size: 176,128 bytes
c:\WINDOWS\system32\raddrv.dll Size: 17,408 bytes
c:\WINDOWS\system32\readme1.htm Size: 453 bytes
c:\WINDOWS\system32\twmm.gif Size: 15,025 bytes
c:\WINDOWS\system32\WindowsUpdate.exe Size: 60,928 bytes
c:\WINDOWS\system32\zdhxn.htm Size: 965 bytes
c:\WINDOWS\system32\zdhxn.mid Size: 14,652 bytes
Port: 6319 TCP
Added to registry:
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{083863F1-70DE-11D0-BD40-00A0C911CE86}
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{083863F1-70DE-11D0-BD40-00A0C911CE86}\{31345649-0000-0010-8000-00AA00389B71}
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{083863F1-70DE-11D0-BD40-00A0C911CE86}\{A2551F60-705F-11CF-A424-00AA003735BE}
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_R_SERVER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_R_SERVER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_R_SERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_R_SERVER
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_R_SERVER\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_R_SERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server\Security
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\iplist
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters
Tested on Windows XP
April 23, 2005