.: Doly 1.1 :.

Released 22 years, 6 months ago. Apr 1999

By A-D-M
Doly 1.1

Additional Details

  • Coded by: A-D-M
  • Version: Doly 1.1
  • Released date: Apr 1999, 22 years, 6 months ago.
  • Coded in: Visual Basic
  • Family: Doly Trojan
  • Category: Remote Access

MegaSecurity Notes

Server:
dropped files:
c:\msdos.win    Size: 0 bytes 
c:\sys.lon    Size: 169,472 bytes 
c:\Memory manger\data.dll     size: 169.472 bytes 
c:\Memory manger\data.z       size: 17.408 bytes 
c:\Memory manger\mem.chk      size: 607.744 bytes 
c:\Memory manger\mem.dll      size: 24.576 bytes 
c:\Memory manger\memmange.exe size: 27.648 bytes 
c:\Memory manger\su.chk       size: 1.417 bytes 
c:\Program Files\MStesk.exe   size: 169.472 bytes 
c:\WINNT\dos.win              size: 24.576 bytes 
c:\WINNT\winstart.bat         size: 70 bytes 
c:\WINNT\system\serv-u.ini    size: 1.417 bytes 
c:\WINNT\system\tesk.exe      size: 169.472 bytes 
c:\WINNT\system\windll16.sys  size: 607.744 bytes 

port: 1011 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Ms tesk"
data: c:\Program Files\MStesk.exe 

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
data: c:\windows\system\tesk.exe 

tested on Windows 2000
November 12, 2004

URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.