Thanks for sharing. Typical backdoor with a TCP server inside. Bot packed with UPX 3.07 and crypted.
Autoruns through
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run as SmartIndex
Just a couple of strings from this bot (there are a lot of them inside), some typos detected :)
Client
started.
Error!!! .\client.cpp
Failed to init client!
_tWinMain
GoogleImpl
GooglePath
Software\Google
client:
Autorun update write failed
Config loaded Ok. own_id=
, port =
Loaded bootstrap list:
[forwardingrequest]Failed to connect to job_server:
X-Real-My-IP
[forwardingrequest]Failed to invoke get to job_server:
[forwardingrequest]http_response_info* presnose not filled after success get.
HTTP Proxy routed success. [remote_client:
-->> remote_server:
], URI=
Internal Server Error
AppID
SmartIndex
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Failed to write autorun entry
Autorun entry writed success.
[requesting_parachute]Failed to resolve URL:
[requesting_parachute]Connecting to
[requesting_parachute]Failed to connect to server:
[requesting_parachute]Invoking to
[requesting_parachute]Failed to invoke to server:
[requesting_parachute] presnose not filled, server:
[requesting_parachute]boot_helper surprise, response code =
[requesting_parachute]Failed! wrong response code =
[requesting_parachute] Empty body in http response :(
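A quick host-side triage check for the persistence described above, added here as an example and not part of the original post or the bot. It looks for the Run value name "SmartIndex" under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (the key and value name come from the post), hashes the file the entry points at, and tests for a UPX packer marker. The extra registry views (WOW6432Node, HKCU), the "UPX!"/UPX0/UPX1 marker heuristic, and the command-line parsing are assumptions of mine, not facts from the post. Run it in an elevated PowerShell on the suspect host.

```powershell
# Added triage check (not from the original post): look for the autorun entry
# the post describes (value name "SmartIndex" under the Run key) and, if the
# referenced file exists, hash it and test for a UPX packer marker.
# Key path and value name come from the post; the other views and the marker
# heuristic are assumptions.

$valueName = 'SmartIndex'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',               # from the post
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',   # assumption: 32-bit view on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'                # assumption: per-user variant
)

function Test-UpxMarker {
    param([string]$Path)
    # Heuristic: UPX-packed PE files normally carry the ASCII marker "UPX!"
    # and section names UPX0/UPX1 near the headers. A modified packer can
    # strip these, so a negative result does not prove the file is unpacked.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $len   = [Math]::Min($bytes.Length, 4096)
    $text  = [System.Text.Encoding]::ASCII.GetString($bytes, 0, $len)
    return ($text -match 'UPX!') -or ($text -match 'UPX0') -or ($text -match 'UPX1')
}

function Get-ImagePath {
    param([string]$Command)
    # A Run value may hold a quoted path followed by arguments; extract the executable.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+', 2)[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if ($props.PSObject.Properties.Name -contains $valueName) {
        $cmd  = $props.$valueName
        $path = Get-ImagePath $cmd
        Write-Output "[!] $key\$valueName = $cmd"
        if (Test-Path $path) {
            $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
            Write-Output "    file: $path  SHA256: $hash"
            if (Test-UpxMarker $path) {
                Write-Output "    UPX marker present (consistent with the post's packer note)"
            }
        } else {
            Write-Output "    referenced file not found on disk: $path"
        }
    }
}
```

The value name alone is a weak indicator (any software could use it), so treat a hit as a lead to verify against the file hash and the strings above rather than as a confirmed infection.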