Whirlpool
Released 22 years, 3 months ago. August 2002
Copyright © MegaSecurity
By JIMMYLIN
Informations
| From | China |
| Author | JIMMYLIN |
| Family | Whirlpool |
| Category | Remote Access |
| Version | Whirlpool |
| Released Date | Aug 2002, 22 years, 3 months ago. |
| Language | Delphi |
Additional Information
Client:
port: 8848, 8864 TCP
Server:
dropped files:
C:\WINDOWS\SYSTEM\internat.dic
C:\WINDOWS\notepad.jmp
size: 509.440 bytes
port: 3721 TCP
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Windows"
HKCR\txtfile\shell\open\command "(Default)"
Added:
Keys:
HKEY_CLASSES_ROOT\.dic
HKEY_CLASSES_ROOT\.jmp
Values:
HKEY_CLASSES_ROOT\.dic "(Default)"
Type: REG_SZ
Data: exefile
HKEY_CLASSES_ROOT\.jmp "(Default)"
Type: REG_SZ
Data: exefileIf you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.