Event ID - 12363

Port No12363
Service NameWhack_a_mole
RFC Doc0
ProtocolTCP
DescriptionWorks on Windows 95, 98 and NT.
Reference LinkWhack_a_mole
AttackRegisters:
HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Files:
Whakmole.exe - 314,636 bytes Whakamole170.exe - 357,455 bytes Whack.exe -

Actions:
Remote Access / Trojan dropper
Disguised as a game. Installs NetBus server 1.60 or 1.70 while you play a game, trying to shoot at a bear.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.