Event ID - 6712

Port No6712
Service NameSubSeven
RFC Doc0
ProtocolTCP
DescriptionWorks on Windows 95, 98 and NT. From version 2.2 beta 2 also on NT, before only on 95 and 98. Version 2.1 can also be controlled via messages over IRC and ICQ. From 2.13 all file names are default names and can be changed. ˆ Source code is decompiled and available.
Reference LinkSubSeven Trojan
AttackIt autoloads the Registry:
HLM\Software\Microsoft\Windows\CurrentVersion\Run\ HLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ HLM\SOFTWARE\exefile\shell\open\command

It does the following :
1.Remote Access
2. ICQ trojan
3. IRC trojan
Alters System.ini and Win.ini. The program "Mirc56freezer.exe" is in some cases infected with SubSeven 1.8. There are secret masterpasswords hidden in SubSeven, at least in versions 1.9 and 2.1. At least one file is compressed by the packer UPX 0.72. Pending on what functions you add to the server, the size of it will also change! With more than 100 "features" is one of the more powerful of all Remote Access Trojans(RATs).

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.