Reload 2K5 VIP
Copyright © MegaSecurity
By Wspomagacz
Information
From | Poland |
Author | Wspomagacz |
Family | Reload |
Category | Remote Access |
Version | Reload 2K5 VIP |
Language | Delphi, compressed with UPX |
Additional Information
Server:
dropped file:
c:\WINDOWS\svchost.exe
size: 355,975 bytes
port: 60007, 60008 TCP
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit"
old data: C:\WINDOWS\system32\userinit.exe,
new data: C:\WINDOWS\svchost.exe,C:\WINDOWS\system32\userinit.exe,
tested on Windows XP
October 31, 2005