Blhouse (a)
(Backdoor.Win32.Blhouse.a)

by ?

Written in Borland C++, compressed with UPX

Released in January 2003

Made in China

more versions 



Client:
port: 5527 TCP



Server:
c:\WINDOWS\SYSTEM\RegeditExec.exe 

size: 302.592 bytes

port: 2527, 3527, 4527 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "RegeditExec" 

added:
c:\WINDOWS\SYSTEM\RegeditExec.dat 
c:\WINDOWS\SYSTEM\Winlogin.dat 
c:\WINDOWS\SYSTEM\winlogin.dll
MegaSecurity