SubSARI


Name: SubSARI
Aliases: Backdoor.SubSARI,
Ports: 39, 1028, 1028 (UDP), 1029, 1029 (UDP), 3131, 6711, 35600, 40308, 50000 (ports can not be changed)
Files: Subsari1.0.zip - Subsari1.2.zip - 647,285 bytes Subsari1.3.zip - 717,568 bytes Subsari1.4.zip - Subsari 12.exe - 256,512 bytes Subsari 13.exe - 283,136 bytes Server 12.exe - 204,800 bytes Server13.exe - 239,104 bytes Sduzen.exe - 141,312 bytes Runexec.exe - Winexec.exe - Kuusbffc..exe - Icqinet.dll - Zimbirti.exe - Ayar.kip - 5,860 bytes Ayar.kip - 5,875 bytes Ayar.kip - 5,897 bytes Dosya.kip - 96 bytes Tools.kip - 46 bytes Yedek.kip - 5,760 bytes
Created: Jun 2000
Requires:
Actions: Remote Access / Keylogger / Steals passwords / FTP server
Registers: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Notes: Works on Windows 95, 98 and ME.
Country: written in Turkey
Program:

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>