Yakoza 3.6

Released 16 years, 5 months ago. June 2008

Copyright © MegaSecurity

By Ali Moazemi


Information
From: Iran
Author: Ali Moazemi
Family: Yakoza
Category: Information Stealer
Version: Yakoza 3.6
Release date: Jun 2008 (16 years, 5 months ago)
Additional Information
Server
Dropped Files:
c:\WINDOWS\winlogon.exe                          Size: 110,592 bytes 
c:\WINDOWS\PCHealth\UploadLB\Config\csrss.exe    Size: 71,881 bytes 
c:\WINDOWS\system\sys.exe                        Size: 32,768 bytes 
c:\WINDOWS\system\trdy.txt                       Size: 4 bytes 
c:\WINDOWS\system32\svchot.exe                   Size: 71,881 bytes 
c:\WINDOWS\system32\config\svchost.exe           Size: 32,768 bytes 
c:\WINDOWS\system32\drivers\etc\rundll32.exe     Size: 110,592 bytes 
c:\WINDOWS\system32\drivers\etc\setup.txt        Size: 159 bytes 
c:\WINDOWS\system32\Restore\up.exe               Size: 71,881 bytes 

Added to Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SystemFile"
Data: winlogon.exe 
	
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stud "ImagePath"
Data: %SystemRoot%\System32\config\svchost.exe /service 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stud "ImagePath"
Data: %SystemRoot%\System32\config\svchost.exe /service 



Tested on Windows XP
August 04, 2008
