| Port No | 1082 |
| Service Name | WinHole |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Works on Windows 95 and 98. |
| Reference Link | WinHole Trojan |
| Attack | It autoloads the Registry: HLM\System\CurrentControlSet\Services\VxD\ HLM\Software\Qbik Software\WinGate\ File : Winhole.zip - 402,311 bytes Winhole.zip - 402,656 bytes Mmtask.exe - 349,696 bytes Regedit.exe - 105,984 bytes Vmload.vxd - 10,843 bytes It does the following : Remote Access A trojanized version of Wingate proxy server. Mmtask.exe is a copy of the legitimate WinGate server packed with the compressor UPX. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.