Yakoza 3.0

By Ali Moazemi

Informations

From	Iran
Author	Ali Moazemi
Family	Yakoza
Category	Information Stealer
Version	Yakoza 3.0

Additional Information

Server
Dropped File:
c:\WINDOWS\system32\regsvr.exe
Size: 40,081 bytes 	 

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
Old data: Explorer.exe 
New data: explorer.exe C:\WINDOWS\System32/regsvr.exe 


Tested on Windows XP
January 04, 2008