.: GunBot (f) :.
By Franck
::actions
Additional Details
- Coded by: Franck
- Version: GunBot (f)
- Coded in: Microsoft Visual C++, Compressed with tELock 0.98
- Family: GunBot
- Category: Remote Access
MegaSecurity Notes
dropped files:
c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\GunBot.exe
Size: 32,768 bytes
c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\rinst.exe
Size: 7,680 bytes
c:\WINDOWS\system32\bpk.exe Size: 397,312 bytes
c:\WINDOWS\system32\bpkhk.dll Size: 8,704 bytes
c:\WINDOWS\system32\bpkr.exe Size: 7,680 bytes
c:\WINDOWS\system32\bpkwb.dll Size: 40,960 bytes
c:\WINDOWS\system32\inst.dat Size: 996 bytes
c:\WINDOWS\system32\pk.bin Size: 3,940 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "bpk"
data: C:\WINDOWS\SYSTEM32\bpk.exe
HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A}
HKEY_CLASSES_ROOT\PK.IE
HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STISVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control
tested on Windows XP
November 29, 2005
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.