Resume
Copyright © MegaSecurity
By ?
Information
Author | ?
Family | Resume
Category | Remote Access
Version | Resume
Language | Borland C++, compressed with PE-Pack
Additional Information
dropped files:
  c:\WINDOWS\NETDDT.EXE size: 32.256 bytes
  c:\WINDOWS\wininit.ini size: 102 bytes
  c:\WINDOWS\system\CMMOD32.EXE size: 32.256 bytes
value wininit.ini:
  [rename]
  nul=C:\WINDOWS\NETDDT.EXE
  C:\WINDOWS\NETDDT.EXE=C:\DOCUME~1\KOBAYA~1\Desktop\BACKDO~2.EXE
startup:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "(Default)"
    data: CMMOD32.EXE
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
    old data: Explorer.exe
    new data: explorer.exe NETDDT.EXE
tested on Windows XP
December 28, 2004