| Port No | 1042 |
| Service Name | BLA trojan |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Works on Windows 95 and 98. |
| Reference Link | BLA trojan Trojan |
| Attack | It autoloads the Registry: HLM\Software\Microsoft\Windows\CurrentVersion\Run\ File : Dbla.zip - 307,489 bytes Bla.zip - 305,115 bytes Bla1.0.zip - 310,684 bytes Bla20.zip - 615,572 bytes Bla40.zip - 603,821 bytes Bla5.01.zip - Bla502.zip - Bla503.zip - 838,477 bytes Bla51.zip - Trojan.exe - 64,658 bytes Trojan.exe - 91,032 bytes Blaclient.exe - 1,359,360 bytes Bla(client).exe - 1,342,976 bytes Bla501 tcp proxy.exe - Bla501trojan.exe - Blaclient.exe - Blaclient2.exe - Blaaaaa.exe - 1,284,096 bytes Blaaaaa.exe - 1,330,688 bytes Msv32.dll - 64,658 bytes Msv32.dll - 144,896 bytes Msv32-1.dll - Scanirc.exe - 303,616 bytes "renamed server".exe - 217,600 bytes Mprdll.exe - Asian trojan.exe - 192,512 bytes Tcpload.exe - 255,488 bytes Tcpproxy.exe - 32,768 bytes Module.ini - 78 bytes Normal trojan.exe - 217,088 bytes Salope trojan.exe - 229,376 bytes Self extract.exe - 94,208 bytes Log.txt - ??? bytes It does the following : 1. Remote Access 2. Steals passwords The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.