.: Yakoza 3.6 :.
Released 13 years, 11 months ago. Jun 2008
By Ali Moazemi
Additional Details
- From: Iran
- Coded by: Ali Moazemi
- Version: Yakoza 3.6
- Released date: Jun 2008, 13 years, 11 months ago.
- Family: Yakoza
- Category: Information Stealer
MegaSecurity Notes
Server Dropped Files:
- c:\WINDOWS\winlogon.exe Size: 110,592 bytes
- c:\WINDOWS\PCHealth\UploadLB\Config\csrss.exe Size: 71,881 bytes
- c:\WINDOWS\system\sys.exe Size: 32,768 bytes
- c:\WINDOWS\system\trdy.txt Size: 4 bytes
- c:\WINDOWS\system32\svchot.exe Size: 71,881 bytes
- c:\WINDOWS\system32\config\svchost.exe Size: 32,768 bytes
- c:\WINDOWS\system32\drivers\etc\rundll32.exe Size: 110,592 bytes
- c:\WINDOWS\system32\drivers\etc\setup.txt Size: 159 bytes
- c:\WINDOWS\system32\Restore\up.exe Size: 71,881 bytes
Added to Registry:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SystemFile" Data: winlogon.exe
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stud "ImagePath" Data: %SystemRoot%\System32\config\svchost.exe /service
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stud "ImagePath" Data: %SystemRoot%\System32\config\svchost.exe /service
Tested on Windows XP
August 04, 2008