.: Cold Fusion 1.2 (build 2005) :.

Additional Details

• Coded by: Satan_addict, Flippmode, Read101, Trade Mark
• Version: Cold Fusion 1.2 (build 2005)
• Released date: Sep 2005, 16 years, 10 months ago.
• Coded in: Delphi
• Family: Cold Fusion
• Category: Remote Access

MegaSecurity Notes

Server:
dropped files:
c:\WINDOWS\mwspool.exe                   Size: 4,170,503 bytes 
c:\WINDOWS\winsock.scr                   Size: 6,224,503 bytes 
c:\WINDOWS\system32\run.com              Size: 2,116,503 bytes 
c:\WINDOWS\system32\spool.exe            Size: 124,123 bytes 
c:\WINDOWS\system32\drivers\~DF4DAO.dll  Size: 74,240 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe winsock.scr 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"
old data: 
new data: C:\WINDOWS\System32\run.com 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{TEST_9381D8F2-0288-11D0-9501-00AA00B911A5} "StubPath"
data: C:\WINDOWS\System32\spool.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winupde"
data: C:\WINDOWS\mwspool.exe 

tested on Windows XP
October 12, 2005