Subscribe0 0
This Trojan enables a malicious user to access a remote victim machine. The Trojan itself is a Windows PE EXE file approximately 67KB in size, packed using UPX.
InstallationOnce launched, the program copies itself to the Windows system directory under the name "Rat.exe":
%System%\Rat.exe
In systems running Windows NT/2000/XP the backdoor will run as a service called "X-Rat". It will add a record to the following registry key:
[HKLM\System\CurrentControlSet\Services\X-Rat]Payload
The backdoor opens a random TCP port on the victim machine, giving the remote malicious user full access to the infected system.
The backdoor enables the remote malicious user to upload files to the victim machine, launch them, view the list of processes, terminate processes, receive information about the infected system (including passwords entered via the keyboard for a range of computer games, and other confidential data), reboot the computer, launch a proxy server on the infected machine, and execute a range of commands.
Hot Articles