hamTaRo 1.3

Released 19 years, 10 months ago. August 2005

By MaLy

Informations

From	Poland
Author	MaLy
Family	hamTaRo
Category	Remote Access
Version	hamTaRo 1.3
Released Date	Aug 2005, 19 years, 10 months ago.
Language	Delphi

Additional Information

Server:
dropped file:
c:\WINDOWS\svchost.exe
size: 454,144 bytes 

port: 14920 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "svchost"
data: C:\Windows\svchost.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "svchost"
data: C:\Windows\svchost.exe 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\Windows\svchost.exe"
data: C:\Windows\svchost.exe:*:Enabled:svchost 



tested on Windows XP
September 04, 2005