XHackedPro

Released 18 years ago. November 2006

By B@dr07

Informations

Author	B@dr07
Family	XHackedPro
Category	Remote Access
Version	XHackedPro
Released Date	Nov 2006, 18 years ago.
Language	Delphi

Additional Information

Server:
dropped files:
c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\01.exe
size: 20,610 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\Serveur.exe
size: 26,491 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\vock.exe
size: 66,536 bytes 

c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\xhacked.vbs
size: 770 bytes 

port: 2200 TCP

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "wextract_cleanup0"
data: rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\%user%\LOCALS~1\Temp\IXP000.TMP\" 



tested on Windows 2000
December 21, 2006