TGA BackDoor 2.0
Released 18 years, 10 months ago. January 2006
Copyright © MegaSecurity
By TGA
Informations
From | Brazil |
Author | TGA |
Family | TGA BackDoor |
Category | Remote Access |
Version | TGA BackDoor 2.0 |
Released Date | Jan 2006, 18 years, 10 months ago. |
Language | Delphi |
Additional Information
Server:
dropped file:
c:\WINDOWS\system\smss.exe
size: 271,393 bytes
port: 6666, 29559, 456, 741 TCP
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: Explorer.exe, C:\WINDOWS\system\smss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusDisableNotify"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallDisableNotify"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirstRunDisabled"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "UpdatesDisableNotify"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DisableNotifications"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DoNotAllowExceptions"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "Enablefirewall"
data: 00, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DisableNotifications"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "DoNotAllowExceptions"
data: 01, 00, 00, 00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "Enablefirewall"
data: 00, 00, 00, 00
tested on Windows XP
February 10, 2006
If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.