Name: 711 beta 1

Main: default 711.exe, size 287 KB or 312 KB (configurable)

Keys:

Values added:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU:P:\hamvccrq\Frira11o1\711.rkr"

Type: REG_BINARY

Data: 4F, 00, 00, 00, 06, 00, 00, 00, E0, E8, 92, 83, 61, B6, C0, 01

Values changed:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count "HRZR_EHACNGU"

Old type: REG_BINARY

New type: REG_BINARY

Old data: 4F, 00, 00, 00, 3E, 06, 00, 00, 00, 22, 3D, 49, 61, B6, C0, 01

New data: 4F, 00, 00, 00, 3F, 06, 00, 00, E0, E8, 92, 83, 61, B6, C0, 01

Version: beta 1

Type: remote access/administration

Port/s used: default port 80, configurable

Files:  c:\_RESTORE\TEMP\A0081741.CPY, c:\WINDOWS\Windll.exe

Modifies:    deletes 711.exe

Aliases:     seven1one

Behaviour:  This trojan does not really infect, as it is a beta/demo of its upcoming capabilities.

Removal: This trojan does not auto-load; simply deleting windll.exe will remove it.

Special: 711 has features that have not been seen in any other trojan before; some of its features are unique and dangerous.

Author: whY

Notes: The author of this trojan had only been coding for 6 months when he made this. It is very buggy, but if it were refined it could become a very dangerous trojan, and possibly become more popular than Subseven.