Kidarcade

Name:	Kidarcade
Aliases:	VBS.Kidarcade,
Ports:
Files:	Html.hta - 2ascii.bin - Winrun.exe - Wininit.ini -Shell32.dll ??
Created:	2001
Requires:
Actions:	Worm / Remote Access / Trojan dropper
	Alters Win.ini. The Vbs code is hidden in a HTML page. Html.hta autoloads using the Windows Startup Directory. Using Debug.exe the bin file is extracted and written as Winrun.exe. Winrun is a Remote Access trojan. 2ascii.bin is then deleted.
Versions:
Registers:	HKEY_CLASSES_ROOT\htafile
Notes:	Works on Windows.
Country:
Program:	Written in Assembler, JavaScript and Visual Basic Script (VBS).

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <joakim.von.braun@risab.se>