Radmin Dropper

Released 20 years, 11 months ago. May 2004

By tansuoufo

Informations

From	China
Author	tansuoufo
Family	Radmin Dropper
Category	Remote Access
Version	Radmin Dropper
Released Date	May 2004, 20 years, 11 months ago.
Language	Visual Basic

Additional Information

Dropped Files:
c:\WINDOWS\system32\admdll.dll         Size: 46,592 bytes 
c:\WINDOWS\system32\r_server.exe       Size: 176,128 bytes 
c:\WINDOWS\system32\raddrv.dll         Size: 17,408 bytes 
c:\WINDOWS\system32\readme1.htm        Size: 453 bytes 
c:\WINDOWS\system32\twmm.gif           Size: 15,025 bytes 
c:\WINDOWS\system32\WindowsUpdate.exe  Size: 60,928 bytes 
c:\WINDOWS\system32\zdhxn.htm          Size: 965 bytes 
c:\WINDOWS\system32\zdhxn.mid          Size: 14,652 bytes 

port: 6319 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{083863F1-70DE-11D0-BD40-00A0C911CE86}
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{083863F1-70DE-11D0-BD40-00A0C911CE86}\{31345649-0000-0010-8000-00AA00389B71}
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{083863F1-70DE-11D0-BD40-00A0C911CE86}\{A2551F60-705F-11CF-A424-00AA003735BE}
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_R_SERVER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_R_SERVER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_R_SERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_R_SERVER
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_R_SERVER\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_R_SERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server\Security
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\iplist
HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters



tested on Windows XP
April 23, 2005