Sood - Malware Gallery

Informations

Author	?
Family	Sood
Category	Remote Access
Version	Sood
Language	Delphi

Additional Information

Backdoor.Win32.Sood:
dropped files:
c:\WINDOWS\SYSTEM\loadnbs.exe     size: 411 KB
c:\WINDOWS\REGEDIT.EXE 
c:\WINDOWS\SCANREGW.EXE 
c:\WINDOWS\WELCOME.EXE 
c:\WINDOWS\SYSTEM\INTERNAT.EXE 
c:\WINDOWS\netwatch.exe 
c:\WINDOWS\regedit.ock 
c:\WINDOWS\scanregw.ock 
c:\WINDOWS\welcome.ock 
c:\WINDOWS\SYSTEM\internat.ock 

added to registry::
HKCR\exefile\shell\open\command "(Default)" 

HKEY_CLASSES_ROOT\ockfile\Shellex\{86F19A00-42A0-1069-A2E9-08002B30309D} 
HKEY_CLASSES_ROOT\ockfile\Shellex\{B41DB860-8EE4-11D2-9906-E49FADC173CA}