Yakoza 3.6
Released 16 years, 10 months ago. June 2008
Copyright © MegaSecurity
By Ali Moazemi
Informations
| From | Iran |
| Author | Ali Moazemi |
| Family | Yakoza |
| Category | Information Stealer |
| Version | Yakoza 3.6 |
| Released Date | Jun 2008, 16 years, 10 months ago. |
Additional Information
Server
Dropped Files:
c:\WINDOWS\winlogon.exe Size: 110,592 bytes
c:\WINDOWS\PCHealth\UploadLB\Config\csrss.exe Size: 71,881 bytes
c:\WINDOWS\system\sys.exe Size: 32,768 bytes
c:\WINDOWS\system\trdy.txt Size: 4 bytes
c:\WINDOWS\system32\svchot.exe Size: 71,881 bytes
c:\WINDOWS\system32\config\svchost.exe Size: 32,768 bytes
c:\WINDOWS\system32\drivers\etc\rundll32.exe Size: 110,592 bytes
c:\WINDOWS\system32\drivers\etc\setup.txt Size: 159 bytes
c:\WINDOWS\system32\Restore\up.exe Size: 71,881 bytes
Added to Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SystemFile"
Data: winlogon.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stud "ImagePath"
Data: %SystemRoot%\System32\config\svchost.exe /service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stud "ImagePath"
Data: %SystemRoot%\System32\config\svchost.exe /service
Tested on Windows XP
August 04, 2008If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.