Blackhole 2004 Build 20040815
Released 20 years, 10 months ago. August 2004
Copyright © MegaSecurity
By lovejingtao
Informations
| From | China |
| Author | lovejingtao |
| Family | Blackhole |
| Category | Remote Access |
| Version | Blackhole 2004 Build 20040815 |
| Released Date | Aug 2004, 20 years, 10 months ago. |
| Language | Delphi, compressed with UPX |
Additional Information
Client:
port: 2004 TCP
Server:
dropped file:
c:\WINNT\xxxxx.exe
size: 207.978 bytes
added to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodial"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodisconnect"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodisconnect"
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings "EnableAutodisconnect"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodial"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodisconnect"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "test"
data: C:\WINNT\xxxxx.exe
tested on win2000If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.