Vicky avi
Released 20 years, 6 months ago. March 2004
Copyright © MegaSecurity
By ?
Informations
| Author | ? |
| Family | Vicky avi |
| Category | Remote Access |
| Version | Vicky avi |
| Released Date | Mar 2004, 20 years, 6 months ago. |
Additional Information
dropped files:
c:\Program Files\Sexy-Vicky\Vicky\porn.avi size: 614.400 bytes
c:\WINDOWS\system32\fixm1.dll size: 46.795 bytes
c:\WINDOWS\system32\KB823182012.log size: 10.474 bytes
c:\WINDOWS\system32\KB823182013.log size: 20.468 bytes
c:\WINDOWS\system32\log.vdx size: 1.522 bytes
c:\WINDOWS\system32\secure.txt size: 0 bytes
c:\WINDOWS\system32\Secw32.exe size: 2 bytes
c:\WINDOWS\system32\Sys132.dll size: 250 bytes
c:\WINDOWS\system32\systemu.vxd size: 221 bytes
c:\WINDOWS\system32\TEMP.MVR size: 3.456 bytes
c:\WINDOWS\system32\UdpV1.dll size: 40.960 bytes
c:\WINDOWS\system32\WlnFs.exe size: 3.689 bytes
c:\WINDOWS\system32\Wlogk1.exe size: 40 bytes
c:\WINDOWS\system32\zvchost.exe size: 656.387 bytes
port: 1036 TCP
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows"
data: C:\WINDOWS\System32\zvchost.exe
HKEY_CLASSES_ROOT\ChatFile\DefaultIcon
HKEY_CLASSES_ROOT\ChatFile\Shell\open\command
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Application
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\ifexec
HKEY_CLASSES_ROOT\ChatFile\Shell\open\ddeexec\Topic
HKEY_CLASSES_ROOT\irc\DefaultIcon
HKEY_CLASSES_ROOT\irc\Shell\open\command
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Application
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\ifexec
HKEY_CLASSES_ROOT\irc\Shell\open\ddeexec\Topic
tested on Windows XP
December 19, 2004If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.