Wednesday, January 17, 2007

Collected in the Wild

Nothing special, looks like a downloader, tries to connect to *****.cc/getcommand.php?addtodb=1&uid=rtrtrele.CurrentU. to get the payload that's packed and repacked quite often. File length: 2829 bytes. MD5 hash: 2147eb874fefe4e6a90b6ea56e4d629a.

The next one is rather more interesting as it's a registry backdoor, creating a new service and opening up a listening port 5555. File length: 21504 bytes. MD5 hash: 406e3fc8a2f298a151890b3bee9d7b18.

Creates service "msntupd (msntupd)" as "C:\WINDOWS\SYSTEM32\regbd.sys".

No comments:

Post a Comment