| Port No | 60411 |
| Service Name | Connection |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Works on Windows 95, 98 and NT. The virusdropping server drops what´s is called the "WMC Virus |
| Reference Link | |
| Attack | Registers: HCU\Software\Microsoft\Windows\CurrentVersion\Run Files: Connection.zip - 140,156 bytes Connection1.0.zip - Connection1.1.zip - 152,028 bytes Connection1.2.zip - 20,171 bytes Connection1.3.zip - 19,932 bytes Connection.exe - 10,752 bytes Connection.exe - 23,040 bytes Connection.exe - 26112 bytes Winoldap.exe - 14,848 bytes Winoldap.exe - 26,112 bytes Winoldap.exe - 27,136 bytes Server.exe - 14,848 bytes Winrun.exe - Setup.exe - 26,624 bytes Normalserver.exe - 139,656 bytes Virusserver.exe - 141,672 bytes Actions: Remote Access / Virus dropper / Virus Virusserver actually binds to other .exe files by infecting them |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.