I Feel Lucky I Feel Very Lucky

TGA BackDoor 2.0

Released 19 years, 1 month ago. January 2006

Copyright © MegaSecurity

By TGA

Informations
From Brazil
Author TGA
Family TGA BackDoor
Category Remote Access
Version TGA BackDoor 2.0
Released Date Jan 2006, 19 years, 1 month ago.
Language Delphi
Additional Information 
Server:
dropped file:
c:\WINDOWS\system\smss.exe
size: 271,393 bytes 

port: 6666, 29559, 456, 741 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe, C:\WINDOWS\system\smss.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusDisableNotify"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirstRunDisabled"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DisableNotifications"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DoNotAllowExceptions"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "Enablefirewall"
data: 00, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DisableNotifications"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DoNotAllowExceptions"
data: 01, 00, 00, 00 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "Enablefirewall"
data: 00, 00, 00, 00 


tested on Windows XP
February 10, 2006

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.