.: GunBot (f) :.
By Franck
::actions
Additional Details
- Coded by: Franck
- Version: GunBot (f)
- Coded in: Microsoft Visual C++, Compressed with tELock 0.98
- Family: GunBot
- Category: Remote Access
MegaSecurity Notes
dropped files: c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\GunBot.exe Size: 32,768 bytes c:\Documents and Settings\%user%\Local Settings\Temp\RarSFX0\rinst.exe Size: 7,680 bytes c:\WINDOWS\system32\bpk.exe Size: 397,312 bytes c:\WINDOWS\system32\bpkhk.dll Size: 8,704 bytes c:\WINDOWS\system32\bpkr.exe Size: 7,680 bytes c:\WINDOWS\system32\bpkwb.dll Size: 40,960 bytes c:\WINDOWS\system32\inst.dat Size: 996 bytes c:\WINDOWS\system32\pk.bin Size: 3,940 bytes added to registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "bpk" data: C:\WINDOWS\SYSTEM32\bpk.exe HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A} HKEY_CLASSES_ROOT\PK.IE HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STISVC\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\C HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control tested on Windows XP November 29, 2005
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.