Event ID - 20331

Port No20331
Service NameBLA trojan
RFC Doc0
ProtocolTCP
DescriptionWorks on Windows 95 and 98.
Reference LinkBLA trojan Trojan
AttackIt autoloads the Registry:
HLM\Software\Microsoft\Windows\CurrentVersion\Run\

File :
Dbla.zip - 307,489 bytes Bla.zip - 305,115 bytes Bla1.0.zip - 310,684 bytes Bla20.zip - 615,572 bytes Bla40.zip - 603,821 bytes Bla5.01.zip - Bla502.zip - Bla503.zip - 838,477 bytes Bla51.zip - Trojan.exe - 64,658 bytes Trojan.exe - 91,032 bytes Blaclient.exe - 1,359,360 bytes Bla(client).exe - 1,342,976 bytes Bla501 tcp proxy.exe - Bla501trojan.exe - Blaclient.exe - Blaclient2.exe - Blaaaaa.exe - 1,284,096 bytes Blaaaaa.exe - 1,330,688 bytes Msv32.dll - 64,658 bytes Msv32.dll - 144,896 bytes Msv32-1.dll - Scanirc.exe - 303,616 bytes "renamed server".exe - 217,600 bytes Mprdll.exe - Asian trojan.exe - 192,512 bytes Tcpload.exe - 255,488 bytes Tcpproxy.exe - 32,768 bytes Module.ini - 78 bytes Normal trojan.exe - 217,088 bytes Salope trojan.exe - 229,376 bytes Self extract.exe - 94,208 bytes Log.txt - ??? bytes

It does the following :
1. Remote Access
2. Steals passwords
The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.