BestPics
This RAT was written in Visual C++. The author is unknown but the place
of origin is probably Germany. The virus can be classified as
non-destructive, and the technique it uses for hiding is one of a kind:
then the victim executes this RAT, it drops three pornographic JPEG
files in the current directory. It also drops one file in the Windows
computer directory. The application is executed each time Windows starts. To
hide its PE/Win32 structure, an MS-DOS Application icon is shown
instead. The interface is written in English. It affects only Windows
operating computers.
File System Modifications
- The following files were created in the system:
# File Name 1 [system 2 backdoor.bestpics.exe 3 ntss.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionetmanagerservice
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.