TibiaBOT
Copyright © MegaSecurity
By DarkNeo
Informations
| From | Columbia |
| Author | DarkNeo |
| Family | TibiaBOT |
| Category | Remote Access |
| Version | TibiaBOT |
| Language | Visual Basic |
Additional Information
dropped files:
c:\WINDOWS\system\execute.exe Size: 151,552 bytes
c:\WINDOWS\system\wrundll2.exe Size: 151,552 bytes
c:\WINDOWS\system32\execute.exe Size: 151,552 bytes
c:\WINDOWS\system32\wrundll2.exe Size: 151,552 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: Explorer.exe C:\WINDOWS\system\execute.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Messenger"
data: C:\WINDOWS\system\67+9-0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update"
data: C:\WINDOWS\system\wrundll2.exe
tested on Windows XP
September 26, 2006If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.