Event ID - 54320

Port No: 54320
Service Name: Back Orifice 2000
RFC Doc: 0
Protocol: TCP
Description: Works on Windows 95, 98 and NT. Supports XOR, Triple DES and five other encryption algorithms. Open plug-in architecture. Open source code (GNU) is available. When it was first published it came in one domestic version and one international version, because of the strong encryption the domestic version used.
Reference Link: Back_Orifice_2000.htm
Attack

Registers:
HKEY_LOCAL_USERS\Software\Microsoft\Windows\CurrentVersion\RunServices

Files:
Bo2k.zip - 1,786,264 bytes
Bo2k_dist_1_intl.zip - 479,120 bytes
Bo2k_dist_1.0_us.zip - 490,714 bytes
Bo2kdist1.0us.zip - 65,536 bytes
Bo3des.zip - 21,030 bytes
Bo2ksdk.zip - 28,670 bytes
Bo2k_1_0_full.exe -
Bo2k_1_0_intl.exe - 1,304,617 bytes
Umg32.exe -
Umgr32.exe -
Umgr32,1.exe -
Server.exe -
Bo2k.exe -
Bo2kcfg.exe
Bo2kgui.exe -
Bo3des.dll -
Bo_peep.dll - - 65,535 bytes

Actions:
Remote Access
Runs as a hidden service. Uses encryption.
