Glacier
This RAT originated in China. Its author is a hacker known as Y2KZERO. Many versions appeared between October 1999 and July 2004. The virus is written in Delphi and compressed with UPX. Infections peaked in countries such as Lithuania and the United States. The application was designed for illegally controlling other people's PCs. The hacker infects the victim's machine with a "server" application via e-mail or File and Print Sharing, and can later access the infected machine via a "client". The functions of a RAT may vary, depending on the needs of the hacker.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|---|
| 1 | .exe |
| 2 | 2003.exe |
| 3 | [system |
| 4 | backdoor.g_door.b_(183).exe |
| 5 | backdoor.g_door.b_(222).exe |
| 6 | bh5.5b.exe |
| 7 | client.exe |
| 8 | g_client).exe |
| 9 | g_clinet.exe |
| 10 | g_server.exe |
| 11 | garu.exe |
| 12 | ldb.exe |
| 13 | lfp.exe |
| 14 | mma.exe |
| 15 | operate.ini |
| 16 | psw.tmp |
| 17 | pucca.exe |
| 18 | readme.txt |
| 19 | readmenow.txt |
| 20 | rnudll32.exe |
| 21 | server.exe |
| 22 | setup.ini |
| 23 | shellscrap.exe |
| 24 | sysdll32.exe |
| 25 | sysexecr.exe |
| 26 | sysexplr.exe |
| 27 | sysrun32.exe |
| 28 | system32.exe |
| 29 | tel.dll |
| 30 | ttian.net.htm |
| 31 | winabc.exe |
Registry Modifications
- The following Registry values were newly created:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sysdll32.dll