| Port No | 2345 |
| Service Name | Doly Trojan |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Works on Windows 95, 98 and NT. Please note that not all versions work on NT. Dhacker.exe is a Doly 1.6 password cracker and Vbrun60.exe is only needed if you want to run it (written in Visual Basic 6). Master Password for versions 1.6 and 1.7 is ""Sarit"". |
| Reference Link | Doly Trojan Trojan |
| Attack | It autoloads the Registry: HCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ HKEY_USER\.Default\Software\Marabilis\ICQ\Agent\Apps\ It does the following : 1. Remote Access / Keylogger / IRC trojan 2. Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using Windows Startup Directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.