CyberSpy 1.3 (b)
(Backdoor.Win32.Cyberspy.13.b)

by Ghirai

Made in Visual Basic

more versions 


Server:
dropped file:
C:\WINDOWS\SYSTEM\~Cab001.exe 

size: 48 and 49 KB

port: 38742 TCP

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Regcheck" 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "Regcheck" 
c:\windows\win.ini, "load"
MegaSecurity