CmjSpy (q)
(Backdoor.Win32.CmjSpy.q)

by cmjboy

Written in Delphi, compressed with UPX

Made in China

more versions 




Server:
c:\WINDOWS\SYSTEM\magiclink.exe 

size: 302.080 bytes 

port: 1982 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Magic Link server" 


dropped files:
c:\WINDOWS\SYSTEM\magiclink.exe 
c:\WINDOWS\SYSTEM\magicset.set 
c:\WINDOWS\TEMP\tdllcope.vxd
MegaSecurity