Name: Asylum-0.1.2

 

Main:  server.exe 7.00 KB (7,168 bytes)

 

Keys: Values changed: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU"

                        Old type: REG_BINARY

                        New type: REG_BINARY

                        Old data: 57, 00, 00, 00, 09, 0A, 00, 00, A0, 37, 0A, 1D, B2, B9, C0, 01

                        New data: 57, 00, 00, 00, 0A, 0A, 00, 00, 60, 16, 9D, 4A, B2, B9, C0, 01

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU:P:\hamvccrq\Nflyhz-0.1.2\freire.rkr"

                        Old type: REG_BINARY

                        New type: REG_BINARY

                        Old data: 57, 00, 00, 00, 06, 00, 00, 00, E0, 90, 8E, 3C, B1, B9, C0, 01

                        New data: 57, 00, 00, 00, 07, 00, 00, 00, 60, 16, 9D, 4A, B2, B9, C0, 01

 

Version: 0.1.2

 

Type: remote access

 

Port/s used:  23432 (configurable)

 

Files:  doesn’t add any files

 

Modifies: none

 

Aliases:  none

 

Behaviour:  The server runs hidden from the Ctrl+Alt+Del task list. It doesn’t create any files; it runs straight from the original executable. After it has been executed, the server will also try to dial up your default Internet connection (DUN).

 

Removal:  This trojan does not auto-load when an infected computer reboots, so removal is simple: reboot, then delete server.exe 7.00 KB (7,168 bytes).

 

Special: This trojan is configurable and has ICQ pager notification of the victim’s online details, but it seems a bit pointless as the trojan does not auto-load, so this function would only work once.

 

Author: Slim

 

Notes: This trojan is not really a threat as far as being widespread, but it could be used very maliciously if the person using it knew how.