Vallani
Released 18 years, 3 months ago. August 2006
Copyright © MegaSecurity
By Vallani
Informations
| Author | Vallani |
| Family | Vallani |
| Category | Remote Access |
| Version | Vallani |
| Released Date | Aug 2006, 18 years, 3 months ago. |
| Language | Delphi |
Additional Information
Server:
dropped files:
c:\WINDOWS\ime\chsime\applets\helpctr.reg Size: 949 bytes
c:\WINDOWS\ime\chsime\applets\helpfile.cmd Size: 65 bytes
c:\WINDOWS\ime\chsime\applets\qcrvk32.exe Size: 475,136 bytes
c:\WINDOWS\java\classes\launch.cmd Size: 501 bytes
c:\WINDOWS\system32\setup_$h135496.exe Size: 475,136 bytes
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
data: 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Services"
data: C:\WINDOWS\ime\chsime\applets\qcrvk32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "svchost"
data: C:\WINDOWS\ime\chsime\applets\qcrvk32.exe
HKEY_CLASSES_ROOT\cmdfile\shell\open\command "(Default)"
old data: "%1" %*
new data: C:\WINDOWS\ime\chsime\applets\qcrvk32.exe
HKEY_CLASSES_ROOT\comfile\shell\open\command "(Default)"
old data: "%1" %*
new data: C:\WINDOWS\java\classes\launch.cmd "%1" %*
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %*
new data: C:\WINDOWS\java\classes\launch.cmd "%1" %*
HKEY_CLASSES_ROOT\regfile\shell\open\command "(Default)"
old data: regedit.exe "%1"
new data: C:\WINDOWS\ime\chsime\applets\qcrvk32.exe
tested on Windows XP
October 10, 2006If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.