Threat name: Win32/Mooze
Detection created: 2003-05-07
Short description
The trojan has a simple payload: it sets the color of the desktop and of dialog boxes to black.
Installation
When executed, the trojan copies itself into the following location:
- %system%\Pbt32.exe
In order to be executed on every system start, the trojan sets the following Registry entry:
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  - "Pbt32" = %system%\Pbt32.exe
The following Registry entries are set:
- [HKEY_CURRENT_USER\Control Panel\Colors]
  - "ActiveBorder" = "0 0 0"
  - "ActiveTitle" = "0 0 0"
  - "AppWorkspace" = "0 0 0"
  - "Background" = "0 0 0"
  - "ButtonAlternateFace" = "0 0 0"
  - "ButtonDkShadow" = "0 0 0"
  - "ButtonFace" = "0 0 0"
  - "ButtonHilight" = "0 0 0"
  - "ButtonLight" = "0 0 0"
  - "ButtonShadow" = "0 0 0"
  - "ButtonText" = "0 0 0"
  - "GradientActiveTitle" = "0 0 0"
  - "GradientInactiveTitle" = "0 0 0"
  - "GrayText" = "0 0 0"
  - "Hilight" = "0 0 0"
  - "HilightText" = "0 0 0"
  - "HotTrackingColor" = "0 0 0"
  - "InactiveBorder" = "0 0 0"
  - "InactiveTitle" = "0 0 0"
  - "InactiveTitleText" = "0 0 0"
  - "InfoText" = "0 0 0"
  - "InfoWindow" = "0 0 0"
  - "Menu" = "0 0 0"
  - "MenuText" = "0 0 0"
  - "Scrollbar" = "0 0 0"
  - "TitleText" = "0 0 0"
  - "Window" = "0 0 0"
  - "WindowFrame" = "0 0 0"
  - "WindowText" = "0 0 0"
- [HKEY_CURRENT_USER\Control Panel\Desktop]
  - "Wallpaper" = "0"
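A triage check for the Registry changes listed above, as an added example that is not part of the original description: it parses the text of a `.reg` export and reports the Pbt32 Run value, a color scheme in which every value is black, and the "0" wallpaper. It assumes the export has already been decoded to a Python string; the function names, the sample export and the C:\WINDOWS\system32 path in it are constructed for illustration.

```python
import re

# Indicators from the description above (key paths compared case-insensitively).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
COLORS_KEY = r"hkey_current_user\control panel\colors"
DESKTOP_KEY = r"hkey_current_user\control panel\desktop"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg export text into {key_lower: {value_name_lower: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # string (REG_SZ) values only; other types are ignored
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def mooze_findings(text):
    """Return a list of findings matching the Registry changes described above."""
    keys = parse_reg(text)
    findings = []
    run = keys.get(RUN_KEY, {}).get("pbt32")
    if run is not None:
        findings.append(f"Run value Pbt32 -> {run}")
    colors = keys.get(COLORS_KEY, {})
    black = [n for n, v in colors.items() if v.split() == ["0", "0", "0"]]
    # One black entry (e.g. WindowText) is normal; every entry black is not.
    if colors and len(black) == len(colors):
        findings.append(f"all {len(black)} color values are '0 0 0'")
    if keys.get(DESKTOP_KEY, {}).get("wallpaper") == "0":
        findings.append("Wallpaper set to '0'")
    return findings

# Constructed sample export (not captured from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pbt32"="C:\\WINDOWS\\system32\\Pbt32.exe"
[HKEY_CURRENT_USER\Control Panel\Colors]
"ActiveBorder"="0 0 0"
"WindowText"="0 0 0"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="0"
'''

if __name__ == "__main__": print("\n".join(mooze_findings(SAMPLE)))
```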
Other information
The trojan displays a fake error message:
- Run Error.
- This file is not a valid Win32 application.
The trojan may display the following messages:
- PitchBlack Trojan
- Ok, You've Had Your Fun Now...
- I'm Giving You ONE Last Chance To Turn Off Your Computer Within 1 Hour!
- Better NOT Turn On Your Computer Again Today.
- Merry (Dark) Christmas!
- Too bad you don't listen to ppl coz u just activated The Pitch Black Trojan By [Mooze / Spawned Vikings]