RBot.gen
Copyright © MegaSecurity
By ?
Informations
| Author | ? |
| Family | RBot |
| Category | Remote Access |
| Version | RBot.gen |
Additional Information
Backdoor.Win32.Rbot.gen:
dropped file:
c:\WINNT\system32\wkssvrs.exe
size: 105.408 bytes
port: 113 TCP
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Updates"
data: wkssvrs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Microsoft Updates"
data: wkssvrs.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Microsoft Updates"
data: wkssvrs.exe
Does (try to) connect to an IRC server
tested on Win2000If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.