by Lin
Written in Delphi
Released in March 2005
Made in China
Server:
dropped files:
c:\WINNT\system32\EXPL0RER.EXE Size: 35,423 bytes
c:\WINNT\system32\SP00LSV.EXE Size: 35,423 bytes

port: 25555, 800 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "EXPLORER"
data: EXPL0RER.EXE

based on source of DarkMoon

tested on Windows 2000
May 31, 2005
MegaSecurity