SdBot.BZJ is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious way. Trojans do not replicate or spread to other computers. SdBot.BZJ is compressed using the executable packer and its file size is 38,912 bytes. It uses the network connection: - Looks for an Internet connection.
- Connects to "ipv9.vncsvr.net" on port 23337 (TCP).
- Sends data stream (15 bytes) to remote address "ipv9.vncsvr.net", port 23337.
- Connects to IRC Server.
SdBot.BZJ drops the following files on the hard drive: - c:\sample.exe (38912 bytes)
- C:\WINDOWS\system\NOTEPAD.exe (38912 bytes)
It also changes Windows registry: - Creates key "HKLM\Software\\Microsoft\\Windows".
- Sets value "Temporary123"="c:\sample.exe" in key "HKLM\Software\\Microsoft\\Windows".
- Creates key "HKLM\System\CurrentControlSet\Services\NOTEPAD".
- Sets value "ImagePath"=""C:\WINDOWS\system\NOTEPAD.exe"" in key "HKLM\System\CurrentControlSet\Services\NOTEPAD".
- Sets value "DisplayName"="NOTEPAD" in key "HKLM\System\CurrentControlSet\Services\NOTEPAD".
- Sets value "WaitToKillServiceTimeout"="7000" in key "HKLM\System\CurrentControlSet\Control".
SdBot.BZJ configures following services on NT based machines: - Creates service "NOTEPAD (NOTEPAD)" as ""C:\WINDOWS\system\NOTEPAD.exe"".
It creates the following mutex to ensure only one instance is running: cDg7000dbgA. |
