VatosAjan Pro (b)
Released 19 years, 6 months ago. May 2005
Copyright © MegaSecurity
By ?
Informations
| From | Turkey |
| Author | ? |
| Family | VatosAjan |
| Category | Remote Access |
| Version | VatosAjan Pro (b) |
| Released Date | May 2005, 19 years, 6 months ago. |
Additional Information
Server:
dropped files:
c:\WINDOWS\system32\sysocxw.com
size: 46,082 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\avlist.vts
size: 485 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\ieakhtm.dll
size: 59,392 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\log.vts
size: 2,900 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\mailpas.exe
size: 42,496 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\messnger.exe
size: 41,984 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\netpas.exe
size: 37,376 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\nreg.exe
size: 31,744 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\plugin.exe
size: 171,008 bytes
c:\WINDOWS\system32\WORKGROUPS.{208D2C60-3AEA-1069-A2D7-08002B30309D}\ser.dat
size: 97 bytes
deleted:
c:\WINDOWS\system32\Restore\MachineGuid.txt
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872415-GGFRT-TKMN-24F9-2154487HHGT8} "StubPath"
data: C:\WINDOWS\System32\sysocxw.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR"
tested on Windows XP
May 14, 2005If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.