| Port No | 51966 |
| Service Name | Cafeini |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Works on Windows 95, 98, NT and 2000. Telnet can also be used as client. |
| Reference Link | |
| Attack | Registers: HLM\Software\Microsoft\Windows\CurrentVersion\Run\ HKEY_LOCAL_ MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOne\ HLM\Sof tware\Microsoft\Windows\CurrentVersion\RunServices\ HLM\Software\ Microsoft\Windows\CurrentVersion\RunServicesOnce\ HCU\Software\Mic rosoft\Windows\CurrentVersion\Run\ HCU\Software\Microsoft\Windows\ CurrentVersion\RunOnce\ HCU\Software\Microsoft\Windows\CurrentVers ion\RunServices\ HCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce Files: Cafeini_polish.zip - 121,628 bytes Cafeini0.8.zip - 250,361 bytes Cafeini0.9.zip - 281,752 bytes Cafein10.zip - 377,898 bytes Cafeini1.1.zip - 395,170 bytes Cafeini.exe - 122,880 bytes Cafeini.exe - 142,848 bytes Cafeclnt.exe - 132,608 bytes Cafeclnt.exe - 143,872 bytes Cafeiniclient.exe - 158,720 bytes Cafeiniclient.exe - 163,840 bytes Cafeiniconfig.exe - 72,192 bytes Cafeiniserver.exe - 153,600 bytes Cafeiniserver.exe - 165,888 bytes Cafe08pl.exe - 123,904 bytes Rundll32.exe - Bygotit.exe - Hemany.exe - Mutihaka.exe - Pazymi.exe - Wilokyl.exe - Actions: Remote Access It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programĀ“s place in the Registry. The server will automatically be updated using HTTP. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.