Backdoor RBot – AcD.bat – 0b9ba81a228b5c1557f540810d5b07e2


Backdoor RBot
Also known as: Backdoor IRCBot, Trojan Crypt
SHA256: e222f059eb2aa23283cdcf1754e71cb760f3c2a57d2c6ef1c6ff9ce18669d1ca
SHA1: 5055913c22462aab9a9ab788d225a00b08ad4b23
MD5: 0b9ba81a228b5c1557f540810d5b07e2
File size: 137216 bytes

Created files:

C:\AcD.bat – Backdoor RBot
%SysDir%\Tilecomgm.com – Backdoor RBot

Registry values created or modified by Backdoor RBot. Only the Run and RunServices entries are autostart entries; the Services\...\Start values switch services off (the data is a REG_DWORD dumped as little-endian hex bytes, so 04000000 is 4 = SERVICE_DISABLED, which stops the Windows Firewall/Internet Connection Sharing service (SharedAccess), Security Center (wscsvc) and Automatic Updates (wuauserv)); the Tcpip\Parameters entries retune the TCP stack for the bot's own traffic:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PC Tilecomgm: Tilecomgm.com
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\PC Tilecomgm: Tilecomgm.com
HKLM\System\CurrentControlSet\Services\SharedAccess\Start: 04000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DeadGWDetectDefault: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PrioritizeRecordData: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TCP1320Opts: 03000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime: 80320200
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\BcastQueryTimeout: EE020000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\BcastNameQueryCount: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\CacheTimeout: 60EA0000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Size/Small/Medium/Large: 03000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\LargeBufferSize: 00100000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SynAckProtect: 02000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\FastSendDatagramThreshold: 00040000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\StandardAddressLength: 18000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultReceiveWindow: 00400000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultSendWindow: 00400000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\BufferMultiplier: 00020000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PriorityBoost: 02000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\IrpStackSize: 04000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DynamicBacklogGrowthDelta: 32000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\FastCopyReceiveThreshold: 00040000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\LargeBufferListDepth: 0A000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxActiveTransmitFileCount: 02000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxFastTransmit: 40000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\OverheadChargeGranularity: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SmallBufferListDepth: 20000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SmallerBufferSize: 80000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TransmitWorker: 20000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSQueryTimeouts: 122480
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultRegistrationTTL: 14000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableReverseAddressRegistrations: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisjointNameSpace: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NoNameReleaseOnDemand: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableFastRouteLookup: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxFreeTcbs: D0070000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxHashTableSize: 00080000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SackOpts: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts: 03000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDupAcks: 01000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpRecvSegmentSize: 85050000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpSendSegmentSize: 85050000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize: 00D20700
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL: 30000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen: 4B000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried: 50000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNormLookupMemory: 400D0300
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\FFPControlFlags: 01000000
HKLM\System\CurrentControlSet\Services\wscsvc\Start: 04000000
HKLM\System\CurrentControlSet\Services\wuauserv\Start: 04000000
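The data column above is the raw REG_DWORD byte dump, little-endian, so 80320200 is 0x00023280 = 144000 (KeepAliveTime in milliseconds) and 04000000 is 4 (SERVICE_DISABLED). The following script is an added example, not part of this page or of any removal tool: it parses a constructed sample copied from the listing above, decodes the DWORD dumps, and separates the three things a responder cares about (autostart entries, services that were disabled, TCP parameters). The function names, the SAMPLE_REPORT subset and the `SERVICE_ROLE` table are the example's own assumptions; a value that is not an eight-digit hex dump (DNSQueryTimeouts) is kept verbatim rather than guessed at.

```python
"""Triage the registry-change listing from an RBot sandbox report.

REG_DWORD data in the listing is dumped as little-endian hex bytes:
"04000000" is 4, "80320200" is 0x00023280 = 144000.  Anything that is not
exactly eight hex digits is kept as the original string.
"""
import re
import struct
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the entries listed above, in the report's
# "key\name: data" layout.
SAMPLE_REPORT = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PC Tilecomgm: Tilecomgm.com
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\PC Tilecomgm: Tilecomgm.com
HKLM\System\CurrentControlSet\Services\SharedAccess\Start: 04000000
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime: 80320200
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize: 00D20700
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSQueryTimeouts: 122480
HKLM\System\CurrentControlSet\Services\wscsvc\Start: 04000000
HKLM\System\CurrentControlSet\Services\wuauserv\Start: 04000000
"""

# Win32 service start types as stored in Services\<name>\Start.
SERVICE_START = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# What the services disabled by this sample do (Windows XP-era names).
SERVICE_ROLE = {
    "SharedAccess": "Windows Firewall / Internet Connection Sharing",
    "wscsvc": "Security Center",
    "wuauserv": "Automatic Updates",
}

AUTOSTART_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunServices")


def decode_dword(data: str) -> Optional[int]:
    """Return the integer behind an 8-hex-digit little-endian dump, else None."""
    if re.fullmatch(r"[0-9A-Fa-f]{8}", data):
        return struct.unpack("<I", bytes.fromhex(data))[0]
    return None


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Split 'HKLM\\...\\key\\name: data' into (key, name, data)."""
    if ":" not in line:
        return None
    path, data = line.rsplit(":", 1)          # value names may contain spaces
    key, _, name = path.strip().rpartition("\\")
    return key, name.strip(), data.strip()


def triage(report: str) -> Dict[str, object]:
    """Group the report's entries into autostart, disabled services and TCP tuning."""
    autostart: List[Tuple[str, str]] = []
    disabled: List[Tuple[str, str]] = []
    tcp: Dict[str, object] = {}
    for raw in report.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        key, name, data = parsed
        value = decode_dword(data)
        if key.endswith(AUTOSTART_KEYS):
            autostart.append((name, data))
        elif name == "Start" and "\\Services\\" in key:
            service = key.rsplit("\\", 1)[1]
            if SERVICE_START.get(value) == "Disabled":
                disabled.append((service, SERVICE_ROLE.get(service, "unknown")))
        elif key.endswith("\\Tcpip\\Parameters"):
            tcp[name] = data if value is None else value
    return {"autostart": autostart, "disabled_services": disabled, "tcp_parameters": tcp}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, target in result["autostart"]:
        print(f"autostart  {name!r} -> {target}")
    for service, role in result["disabled_services"]:
        print(f"disabled   {service} ({role})")
    for name, value in result["tcp_parameters"].items():
        print(f"tcp        {name} = {value}")
```

Run against the full listing, the decoder turns the opaque dumps into readable numbers (MaxFreeTcbs D0070000 is 2000, DefaultTTL 30000000 is 48, TcpMaxHalfOpen 4B000000 is 75) and makes the three disabled services stand out from the tuning noise; re-enabling them (Start = 2 for wscsvc and wuauserv, Start = 2 for SharedAccess) is part of the cleanup after the two Run/RunServices entries and the dropped files are removed.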
