.: R.A.T. AYAZ 1.5 :.
Released 12 years, 10 months ago. Jan 2009By Hacker Share, modified by Ayaz
- From: Brazil
- Coded by: Hacker Share, modified by Ayaz
- Version: R.A.T. AYAZ 1.5
- Released date: Jan 2009, 12 years, 10 months ago.
- Family: R.A.T. AYAZ 1.5
- Category: Remote Access
Client: Dropped Files: c:\Documents and Settings\%user%\Application Data\addon.dat Size: 22,040 bytes c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\AYAZ_R~1.EXE Size: 103,108 bytes c:\Documents and Settings\%user%\Local Settings\Temp\IXP000.TMP\RAT-_I~1.EXE Size: 1,328,640 bytes Added to Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "wextract_cleanup0" Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\KOBAYA~1\LOCALS~1\Temp\IXP000.TMP\" Server Dropped File: c:\WINDOWS\wservicez.exe Size: 157,756 bytes Added to Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WServicez" Data: C:\WINDOWS\wservicez.exe Tested on Windows XP January 25, 2009
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at email@example.com, thank you in advance.