xProxyBot

Released 20 years ago. September 2004

Copyright © MegaSecurity

By ?


Information
Author: ?
Family: xProxyBot
Category: Remote Access
Version: xProxyBot
Release date: Sep 2004, 20 years ago.
Language: Visual C++
Additional information:
dropped file:
c:\WINDOWS\system32\w32.exe
size: 39.936 bytes 
	
port: 9687, %random_port% TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "w32"
data: w32.exe
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "w32"
data: w32.exe
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "w32"
data: w32.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\w32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\w32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\w32\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\w32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\w32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32\Security

Every 20 minutes a notification request is sent via HTTP to www.earthlabs.biz

tested on Windows XP
