DaCryptic
(Backdoor.Win32.DaCryptic)

by Cryptic

Written in Delphi

Released in April 2000


-The client program:
 DaCryptic.exe

-The backdoor:
 simple_verc.exe


-Source code of the simple backdoor
 simple_ver.dpr
-Source code of the worm version
 worm_ver.dpr


This backdoor/worm was coded in the period of the PrettyPark worm, so it's an old
project forgotten in a drawer.
This worm has never been spread because there are many little bugs and it's really dirtily coded.

-The keylogger function doesn't work under NT; an external DLL must be built.
-The trick with the exefile\command\open in the registry seems to not run all programs.



Little description:

The worm function scans the Outlook and Eudora address book files and afterwards sends email.
I don't know if that works with the latest versions.

There is a thread which connects to an IRC to see who is online.

Port 1174 is open only when the victim is online, and the Wsock32 API calls are
encrypted, and the protocol of the backdoor too.

The keylogger was designed mainly to detect if a 13,16 digit code is typed on the
keyboard and afterwards put a flag in the registry
(it's surely the big need of money which pushed me to put this function inside :-).

The other functions are: registry access, file upload/download, windows process, etc.

Cryptic_


Server:
C:\WINDOWS\SYSTEM\KERNEL32.VXD

size: 28.160 bytes

port: 1174 TCP

startup:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" 

MegaSecurity